This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@astrojs/starlight@0.41.2

Patch Changes

• #4015 bdbfffc Thanks @delucis! - Fixes an issue where aside icons were rendered incorrectly in projects where Astro’s MDX integration had optimization disabled

Changes

Fixes an error that could appear after the dev server restarts when using an adapter that reuses its dev runtime across restarts (e.g. @astrojs/cloudflare). A request would fail with a 500:

The file does not exist at "node_modules/.vite/deps_ssr/astro_compiler-runtime.js?v=6419660d" which is in the optimize deps directory. The dependency might be incompatible with the dep optimizer. Try adding it to `optimizeDeps.exclude`.

• Root cause: on restart, vite-plugin-astro re-ran configEnvironment and pushed astro onto the carried-over resolve.conditions again, producing a duplicate. The duplicate changed the environment's optimizeDeps config hash, forcing a spurious dependency re-optimization on every restart. That re-optimization could leave the reused runtime importing pre-bundled files that had just been rewritten, producing the error above.
• Fix: only add the astro condition when it isn't already present, keeping the config hash stable across restarts so no needless re-optimization is triggered.

Testing

• Adds a vite-plugin-astro unit test asserting configEnvironment adds the astro condition exactly once when called repeatedly (simulating restart).

Docs

• No docs update needed; this is an internal dev-server bug fix with no API change.

Description

• Fixes #3967 (comment)
• We were relying on a type: "html" AST node for icons in our Markdown aside plugin (which provides support for our :::note type syntax). This happens to work when the MDX integration is configured with optimize: true (perhaps accidentally based on chatting to @Princesseuh). Starlight enables optimization by default, but if a user manually adds mdx(), optimization can be disabled, breaking this behaviour.
• The fix is to use a mdxJsxTextElement AST node when processing MDX files that represents <Fragment set:html={icon}>.
• Sätteri doesn’t currently provide a way to know if a plugin is running against an MDX file or a regular Markdown file, so for now this PR uses a basic check of the file’s extension. Not sure if we’re happy to publish with this to get the bug fixed or wait on an official flag.

Description

This PR updates the Playwright version used in the monorepo to workaround a browser installation issue on Node.js 24 and Node.js 26 (reported on Discord)

Basically, looks like Node.js 24.16.0 bumped libuv which surfaced this early-exit issue which was fixed in microsoft/playwright#40747.

I confirmed the issue by running locally npx playwright uninstall --all and then pnpm test:e2e on Node.js 24.17.0 which hang indefinitely. After this change and running both commands again, the installation and tests run successfully.

Fixes #16767

In React 19 dev mode, the check() renderer probe calls the component inside a Tester wrapper during SSR. When the component uses hooks, React emits an "Invalid hook call" warning because the hooks run in Tester's render context instead of the component's own.

The warning is a false positive — the component works correctly. This wraps the probe render with a targeted console.error suppressor that filters only the "Invalid hook call" message, leaving all other errors intact.

Changes

Docs is ahead of us in Prettier version and it breaks our smoke tests

Testing

N/A, though smoke tests should now pass

Docs

N/A

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@7.0.5

Patch Changes

• #17202 c6d254d Thanks @matthewp! - Refactors path alias resolution to use Vite's native tsconfigPaths option

  This is an internal change with no expected impact on user projects. Astro now defers tsconfig and jsconfig paths alias resolution to Vite, keeping a small fallback for a few CSS cases Vite does not yet handle.

• #17123 72e29bd Thanks @martrapp! - Fixes an issue where the ClientRouter wipes head elements after page transitions if the <head> contains a server:defer component.

• #17232 257505e Thanks @matthewp! - Fixes a bug where <style> tags from components such as a content collection's Content could be silently dropped from the output when an await appeared before the component in an .astro file's markup.

• #17193 a7352fd Thanks @jan-kubica! - Fixes the background dev server failing to start when astro is hoisted outside the project's node_modules (for example bun workspaces). The background process is now spawned from Astro's own resolved location instead of a path assumed under the project root.

@astrojs/cloudflare@14.0.3

Patch Changes

• #17236 c411200 Thanks @matthewp! - Prevents warnings in the Cloudflare adapter about optimizing the @astrojs/cloudflare/entrypoints/server module in dev.

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

Changes

• Adds @astrojs/cloudflare/entrypoints/server to optimizeDeps.include for the server (ssr) environment so the worker entrypoint is pre-bundled during dev startup.
• Previously it was referenced only via wrangler.jsonc's main, so Vite's dep scan never reached it and discovered it lazily on the first request — logging ✨ new dependencies optimized: @astrojs/cloudflare/entrypoints/server and triggering a re-optimization (and reload).

Testing

• No automated test added; verified manually by running astro dev on the astro-dev-platform fixture with a cleared .vite cache and confirming the entrypoint now appears in deps_ssr/_metadata.json (pre-bundled up front) instead of being optimized lazily.

Docs

• No docs update needed; this is an internal dev-server optimization with no user-facing API change.

Changes

This PR restores two workflows:

• Automatic closure for missing reproduction. I adapted the script I created in the biome repository to the Astro repository. The script works in the other repo, so it's tested (with the secrets we have)
• Restore the "Wontfix" workflow using the gh CLI

Testing

Green CI

Docs

N/A

Description

This PR adds zizmor to make Starlight's GitHub actions more robust and follow best practice security recommendations.

I adapted all actions to comply with zizmor's basic rules and also created a .github/zizmor.yml configuration file to ignore specific warnings which we accept (like usages of pull_request_target triggers in two workflow files).

I also added a new .github/workflows/zizmor.yml action, which validates all actions to continue to follow best practices.

To be honest, it would be nothing short of a miracle if all workflows worked on the first try.

Removed duplicate entry for '**/examples/' in the ESLint config.

Description

• Closes #
• What does this PR change? Give us a brief description.
• Did you change something visual? A before/after screenshot can be helpful.

Adds Starlight MD3 to the community themes list.

This PR adds:

• a new theme entry for Starlight MD3 in docs/src/content/docs/resources/themes.mdx
• light and dark preview images for the theme
• a link to the live demo site

Theme demo:
https://axiaobo7788.github.io/starlight-material-design-theme/

Theme source:
https://github.com/aXiaobo7788/starlight-material-design-theme

npm package:
https://www.npmjs.com/package/starlight-theme-md3

This is a docs/resources update only and does not change Starlight runtime behavior.

Testing

Not run in this fork. The change only adds a community theme listing and static preview assets.

The linked theme package was separately built, packaged, and published as starlight-theme-md3@0.1.3.

Changes

• Fixes <style> tags from propagating components (e.g. a content collection's Content) being silently dropped when an await appears before the component in slot markup.
• Head propagation discovers these components by eagerly pre-rendering slots. An await in the slot suspended that pre-render before the component was reached, so it registered too late and its styles were never collected. Astro now awaits pending async slot pre-renders while collecting head content on routes that use propagation. Routes without propagation are unaffected and keep streaming.

Testing

• Adds a content-collections integration test: a Content rendered after an await in slot markup, asserting its propagated stylesheet survives.
• Adds unit tests for the head-collection loop covering an async slot that registers a propagator after an await, including a nested case.

Docs

• No docs update needed — restores expected behavior that component styles are collected regardless of where await appears.

Closes #17218

Reverts #17228. I have a better fix for #17218 coming in a follow-up.

Summary

Fix high severity security issue in packages/astro/src/core/session/handler.ts.

Vulnerability

Description: The session handler accepts attacker-provided session identifiers, allowing session fixation attacks where an attacker sets a user's session ID before login and hijacks the session after authentication.

Evidence

Exploitation scenario: Send malicious link with pre-set session ID parameter to user, then wait for user to authenticate and hijack their session.

Scanner confirmation: multi_agent_ai rule V-003 flagged this pattern.

Production code: This file is in the production codebase, not test-only code.

Threat Model Context

This is a Node.js library - vulnerabilities affect downstream consumers who use this package.

Changes

• packages/astro/src/core/session/runtime.ts

Verification

• Build passes
• Scanner re-scan confirms fix
• LLM code review passed

Security Invariant

Property: Protected endpoints reject unauthenticated requests

import { createSessionHandler } from 'packages/astro/src/core/session/handler';

describe('Protected endpoints reject unauthenticated requests', () => {
  const payloads = [
    { description: 'missing token', token: null },
    { description: 'expired token', token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzAwMDAwMDB9.invalid' },
    { description: 'malformed token', token: 'malformed.token.here' },
    { description: 'empty token', token: '' },
    { description: 'valid token', token: 'valid.token.here' }
  ];

  test.each(payloads)('rejects adversarial input: $description', async ({ token }) => {
    const handler = createSessionHandler();
    const mockRequest = {
      headers: {
        authorization: token ? `Bearer ${token}` : undefined
      }
    };
    const mockResponse = {
      status: jest.fn().mockReturnThis(),
      json: jest.fn()
    };

    await handler(mockRequest as any, mockResponse as any);

    if (token !== 'valid.token.here') {
      expect(mockResponse.status).toHaveBeenCalledWith(401);
    } else {
      expect(mockResponse.status).not.toHaveBeenCalledWith(401);
    }
  });
});

This test guards against regressions — it's useful independent of the code change above.

Automated security fix by OrbisAI Security

Changes

• Fixes a race condition where <style> tags from propagating components (e.g. content collection Content with propagation: 'self') were silently dropped from the build output when await appeared in the template/markup section of an .astro file. Moving the await to the frontmatter was the only workaround.
• The root cause: AstroComponentInstance pre-renders slots eagerly to trigger propagator registration, but when a slot function is async it returns a Promise. bufferPropagatedHead ran before the Promise resolved, collecting zero propagators and dropping their styles.
• Fix: async slot pre-render Promises are tracked on a new pendingSlotEvaluations field of SSRMetadata. bufferPropagatedHead awaits them all before collecting head parts.

Closes #17218

Testing

• Added 'awaits pending async slot evaluations before collecting head parts' to packages/astro/test/units/render/head-propagation/runtime.test.ts. It pushes a delayed Promise that registers a propagator, then verifies bufferPropagatedHead waits for it and collects the resulting style tag.
• Updated runtime-adapters.test.ts and server-islands-render.test.ts fixtures to include the new pendingSlotEvaluations field on SSRMetadata.

Docs

No docs update needed — this is a bug fix restoring already-documented behavior (styles from components should always be collected regardless of where await appears).

Summary

The core SSR request path parses request.url and rebuilds a few small things more often than it has to. This cuts that repeated work on the hot path. Nothing about the rendered output changes, and no public API moves; it's all internal.

This started as a bigger PR and was trimmed after review. The cross-adapter URL sharing (a new RenderOptions.url option) and the createOutgoingHttpHeaders rewrite are out, and the adapter side will come back on its own as a minor. What's left here is internal to astro core and stays a patch.

What changed

• Domain-based i18n only looks at the Host header when a domains-* strategy is configured. That condition is now worked out once in the constructor, so every other app skips the probe, and the URL parse behind it, in both match() and render().
• TrailingSlashHandler uses the raw pathname and search that FetchState captures before it normalizes the URL, instead of parsing request.url a second time to get them back.
• getParams checks the route's own pattern and then its fallback routes, stopping at the first match, rather than building throwaway arrays with .map().map().find().
• The in-memory cache provider reuses the URL already sitting on context.url (and checks the request method first) instead of parsing context.request.url again.
• Domain-based i18n parses each domainLookupTable key once and keeps it per table, instead of re-parsing every key on every request.

Testing

No behavior change, so nothing new to test. The paths above are covered by the existing unit suites (routing, i18n, app, cache, fetch), which pass, and the typecheck is clean.

Benchmarks

Micro-benchmarks, median of 7 runs on the same machine, for the changes that stayed in this PR:

On a render-heavy page this is lost in the noise, since HTML rendering dominates. It shows up more on light responses like endpoints, redirects and 304s, where per-request setup is a bigger slice of the work.

Investigated and measured with help from Claude Opus 4.8.

Changes

• Inline .astro <style> blocks now respect vite.build.target (and cssTarget) even when vite.build.minify / cssMinify is false. Previously, the @astrojs/compiler-rs compiler used lightningcss internally for CSS scoping and inadvertently modernized CSS syntax (e.g. min-width: 1000px → width >= 1000px). With minification enabled, Vite's minifyCSS step would reverse this via target-based lowering. With minification disabled, that lowering was skipped entirely, leaving modernized syntax in the output regardless of the configured target.
• Adds a lowerCssToTargets() step in compile.ts that runs lightningcss with minify: false and the user's configured targets after the compiler returns CSS, but only when command === 'build', cssMinify is falsy, and a cssTarget is set. The target string conversion (esbuild/Vite format → lightningcss format) mirrors Vite's internal convertTargets logic.

Closes #17225

Testing

• Adds packages/astro/test/config-vite-css-target-no-minify.test.ts with a new fixture (config-vite-css-target-no-minify/) targeting safari14 with minify: false. Covers: MQ range syntax is not used (min-width preserved), and inset shorthand is not used (longhand top/right/bottom/left preserved).

Docs

• No docs update needed — this is a bug fix restoring already-documented behavior for an existing config option.

Note: A changeset has not been added to this PR yet. One should be added before merge (patch bump for astro).

Changes

• Dynamic file endpoints like src/pages/api/[name].json.ts with trailingSlash: "always" now correctly return 200 for /api/bar.json and 404 for /api/bar.json/ in dev mode, matching production behavior and the documented Astro v6 rule that file endpoints are never served with a trailing slash.
• Root cause: trailingSlashForPath checked pathname && hasFileExtension(pathname), but pathname is null for dynamic routes (any segment with a param). The fix adds an optional route fallback parameter — the string from joinSegments — which preserves file extensions even for dynamic segments (e.g., /api/[name].json), allowing the file-extension check to work correctly.

Testing

• Added 'dynamic file endpoints force trailingSlash never. issues#17001' in packages/astro/test/units/routing/manifest.test.ts: creates a [name].json.ts page under trailingSlash: "always" and asserts the generated route pattern matches without a trailing slash and rejects with one.

Docs

• No docs update needed — this restores already-documented Astro v6 behavior.

Closes #17001

Changes

• getCollection() in dev mode silently returned an empty array for content collections with ~500k+ entries. The virtual module for the data store used dataToEsm() to serialize the store as a JS object literal, which for large collections produces ~7.5MB of JS source. Vite's ssrTransformScript passed this to rolldown/oxc-parser's parseAstAsync(), whose resulting AST was too large to cross the NAPI bridge — throwing "Failed to convert rust String into napi string", silently caught in ImmutableDataStore.fromModule(), returning an empty store.
• Replaced dataToEsm(parsed, { compact: true }) with export default JSON.parse(${JSON.stringify(jsonData)}). This embeds the data as a single string literal, keeping the AST tiny regardless of collection size. As a bonus, JSON.parse() of a string literal is faster to evaluate than a large object literal. Removed the now-unused dataToEsm import.

Testing

• No new tests added — generating 500k entries in CI is too slow. All existing content collection tests (59/59 content-collections, 64/64 content-layer unit tests) continue to pass.

Docs

• No docs update needed; this is a dev-mode bug fix with no API changes.

Closes #17220

Removed the LinkCard for 'starlight-utils' from the documentation as I no longer have time to maintain this (and it's very out of date). In the documentation site I offer some alternatives for the functionality that this package included.

Changes

• Warms up the dev server before the experimental client prerender prefetch tests run.
• Avoids racing immediate page assertions against Vite dev reloads on Windows.

Testing

• Updates the existing prefetch E2E setup for the client prerender block.

Docs

• No docs needed; test-only change.

Changes

• resolveTargetVersion() now compares the dist-tag version against the currently installed version before applying it. If the dist-tag resolves to an older version than what's installed, the function falls back to latest instead of downgrading.
• Fixes the case where pnpm dlx @astrojs/upgrade beta would silently downgrade companion packages (e.g. @astrojs/sitemap from 3.7.3 → 3.6.1-beta.3) when their beta dist-tag pointed to a pre-release that predated the current stable.
• resolveTargetVersion is now exported so it can be unit-tested directly.

Testing

• Added describe('resolveTargetVersion') in packages/upgrade/test/verify.test.ts with three cases: no-downgrade when the beta dist-tag is older than the installed version; correct upgrade when the beta dist-tag is newer; and fallback to latest when the requested dist-tag doesn't exist on the registry.

Docs

• No docs update needed; this is a bug fix for internal @astrojs/upgrade behavior with no API surface change.

Closes #17024

Changes

• Clarifies that RouteCache provides a shared static-path table for matching, props resolution, and prerender generation.
• Documents why dev request handling does not clear the route cache per request.

Testing

• Not run; comment-only change.

Docs

• No user-facing docs update needed; this only documents an internal invariant.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@7.0.4

Patch Changes

• #17212 7ba0bb1 Thanks @matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

• #17224 dc5e52f Thanks @astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

• #17067 23f9446 Thanks @fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

• #17234 d5fbee8 Thanks @ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

• #17223 5970ef4 Thanks @astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

• #17184 799e5cd Thanks @Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

• #17208 da8b573 Thanks @matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

@astrojs/rss@4.0.19

Patch Changes

• #17209 fbcfa03 Thanks @matthewp! - Hardens RSS feed generation by escaping the source and enclosure item fields. These fields are now serialized as structured XML values, ensuring that special characters in values like source.title and enclosure.type are always treated as text rather than markup, consistent with how other feed fields are handled.

create-astro@5.2.1

Patch Changes

• #17205 e37dfe2 Thanks @astrobot-houston! - Fixes dependency installation when creating Astro projects with pnpm 11+

@astrojs/cloudflare@14.0.2

Patch Changes

• #17049 ffceaa2 Thanks @astrobot-houston! - Fixes prerender errors being silently swallowed when pages throw during rendering in workerd, causing astro build to exit 0 and emit truncated HTML. The response body is now fully buffered inside workerd before being sent back to the build process, so streaming errors are caught and surfaced as build failures with clear error messages.

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

Changes

• HTML-escapes transition directive values before copying them onto hydrated island attributes.
• Keeps transition attributes on the island wrapper while preserving the existing render path.

Testing

• Adds hydration unit coverage that renders generated island HTML and asserts transition directive attribute values are encoded.

Docs

• No docs update needed; this aligns internal island attribute rendering with existing escaping behavior.

Changes

Needed for smoke tests

Testing

Smoke tests should pass!

Docs

N/A

Changes

• Builds the source and enclosure item elements as structured XML objects instead of interpolating values into a string and re-parsing them. This ensures special characters in fields like source.title and enclosure.type are always serialized as text, consistent with how every other feed field is already handled.

Testing

• Adds two cases covering source and enclosure fields containing XML special characters, asserting the values round-trip verbatim and produce exactly one element each.

Docs

• No docs update needed; this is an internal serialization change with no API surface change.

Changes

• Aligns the internal createRequestFromNodeRequest helper with the public createRequest: X-Forwarded-For is only trusted for clientAddress when X-Forwarded-Host actually matches security.allowedDomains, instead of just checking that the header is present.
• No behavior change for correctly configured proxies; this only tightens consistency between the two request helpers.

Testing

• Adds a createRequestFromNodeRequest test block covering: trusted Host, trusted X-Forwarded-Host, a non-matching X-Forwarded-Host (now falls back to the socket address), and the no-allowedDomains case.

Docs

• No docs update needed; allowedDomains behavior is unchanged from a user's perspective.

Description

• What does this PR change? Give us a brief description.
  Hey everyone! 👋 I recently spent a couple of weeks building a local-first browser editor for Starlight called Axiom Studio. I originally built it to make my own MDX and frontmatter editing workflow easier and safer without needing any external CMS or database.

Thought it might be useful for other indie makers and developers in the Astro ecosystem, so I added it to the community tools list in plugins.mdx. (I also included a short demo video on the link if you're curious to see how the local editing actually works in action). Let me know if the format looks good!

• Did you change something visual? A before/after screenshot can be helpful.
  Nope, no visual changes to the docs themselves. Just added the new <LinkCard> to the bottom of the grid.

Closes #17204
Closes #17091

Changes

• Adds an ensurePnpmBuildsAllowed() helper that writes allowBuilds entries for esbuild and sharp into pnpm-workspace.yaml before running pnpm install. This mirrors the existing ensureYarnLock() pattern for Yarn Berry.
• pnpm v11.0.0 set strictDepBuilds to true by default, causing pnpm install to exit non-zero when any dependency has an unapproved build script. Both esbuild and sharp (Astro dependencies) have postinstall scripts, so pnpm create astro would fail with ERR_PNPM_IGNORED_BUILDS and leave node_modules uninstalled.
• If allowBuilds is already present in pnpm-workspace.yaml, the helper skips writing to avoid overriding user configuration.

Testing

• No new tests added — the helper runs during the live pnpm install call and is difficult to unit test in isolation. All 120 existing tests continue to pass.
• Confirmed end-to-end by issue reporter (@jettwayio): npx create-astro --template starlight now creates node_modules successfully with pnpm v11.

Docs

• No docs update needed — this is an internal scaffolding fix with no user-facing API change.

Note: A changeset for create-astro is needed before merging.

Changes

• Enables Vite's native resolve.tsconfigPaths by default.
• Keeps Astro's custom alias plugin as a documented deprecated fallback for the cases it already supports.
• Adds comments clarifying the fallback CSS/module support and future removal intent.

Testing

• No new tests; existing alias coverage verifies the fallback behavior remains intact.

Docs

• No docs update needed because this changes internal resolution defaults.

Related #17163

Changes

This removes a lot of deps from Astro because rehype and co are quite heavy for just doing this. We already use ultrahtml elsewhere, so why not here.

Testing

Tests should pass

Docs

N/A

It is better to merge #17179 first (while it does change only the remaining twitter:* meta tags).

Changes

• Corrected the twitter:card meta tag to use name instead of property. Resource
• Applied the fix in the blog component and matching e2e fixtures.

Testing

• Verified generated HTML no longer includes the Twitter meta tags as property but name.
• Confirmed remaining Twitter metadata continues to render correctly.

Docs

• No docs changes needed.

Resources

Is there a resource or something that states that those tags are redundant? You should provide those resources together with the PR

Normally the link I'd have shown would've been: https://developer.x.com/en/docs/twitter-for-websites/cards/overview/markup
But it doesn't work because they've removed it and one cannot find it anywhere.

But Wayback Machine comes to help:

• https://web.archive.org/web/20240613190853/https://developer.x.com/en/docs/twitter-for-websites/cards/overview/markup
• https://web.archive.org/web/20240616101429/https://developer.x.com/en/docs/twitter-for-websites/cards/guides/getting-started

As you can see for twitter:* meta tags, name is used.

<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@">
<meta name="twitter:creator" content="@">
<meta property="og:url" content="">
<meta property="og:title" content="">
<meta property="og:description" content="">
<meta property="og:image" content="">

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@astrojs/starlight@0.41.1

Patch Changes

• #3967 72e63dc Thanks @HiDeoo! - Adds 2 new icons: link and link-alt.

• #3988 ac55cfa Thanks @delucis! - Fixes a dependency resolution issue introduced in Starlight v0.41

• #3967 72e63dc Thanks @HiDeoo! - Optimizes the icons of Markdown asides.

Description

• Closes #3987
• Updates Expressive Code to the new release that supports Astro 7

Changes

• The background dev server (auto-enabled for agentic environments) fails to start when astro is hoisted outside the project's node_modules (for example bun workspaces). The foreground server is unaffected.
• cli/dev/background.ts spawns resolve(rootPath, 'node_modules', 'astro', 'bin', 'astro.mjs'), which doesn't exist in a hoisted layout, so the detached child exits with ERR_MODULE_NOT_FOUND and the parent reports Dev server process exited before becoming ready.
• Fix: resolve the bin from Astro's own location (astro/package.json → ../bin/astro.mjs) so it spawns itself regardless of install layout.

Same family as #17135 / #17190.

Testing

Manual: an Astro app in a bun workspace with hoisted deps, background mode. Before: Dev server process exited before becoming ready (.astro/dev.log: Module not found …/node_modules/astro/bin/astro.mjs). After: starts normally.

Docs

None — restores existing behavior in monorepos.

Changes

Hardens a flaky e2e test: Dev Toolbar - Audits › can warn about perf issue for below the fold image in absolute container.

The audit gates highlight creation on the image's load event (apps/audit/index.ts awaits load so the above/below-the-fold position checks have accurate layout). The test clicked the audit button and immediately asserted toHaveCount(1) with the default 6s expect timeout. When the optimized image loads slowly (e.g. a contended CI runner), the highlight is not created in time and the assertion intermittently sees 0 highlights, failing every retry.

The test now waits for the image to finish loading before triggering the audit, so the assertion no longer races the image load. No production code changes.

This flaked (all 3 retries) on unrelated CI, e.g. https://github.com/withastro/astro/actions/runs/28129089505/job/83301140796

Testing

• pnpm --filter astro exec playwright test dev-toolbar-audits.test.ts runs 11 passing, executed twice for stability.
• The targeted test passes locally. The change only adds a wait before the audit runs, so it cannot make the assertion less reliable.

Docs

No docs changes; this is test-only. No changeset, since there are no published package changes.

Changes

Custom Markdoc transform functions were being dropped for tags and nodes whose names need bracket access, like side-note.

Here is why. When you set a custom render component, resolveComponentImports removes the transform unless that transform "respects" render (issue #9708, added in #15335). It worked that out by string-matching the transform's source for config.tags?.<key>?.render or config.nodes?.<key>?.render, which only covers dot notation.

A key like side-note can't be read with dot notation at all (config.tags?.side-note?.render parses as a subtraction), so those transforms have to use bracket notation: config.tags?.['side-note']?.render. The old check never matched that, so the transform was always treated as not respecting render and deleted, which broke the tag.

The detection now handles bracket notation alongside dot notation, plus optional chaining and whitespace. Includes a changeset (@astrojs/markdoc patch).

Fixes #17118.

Testing

Added packages/integrations/markdoc/test/resolve-component-imports.test.ts, a unit test over the exported resolveComponentImports:

• a render-respecting transform on a dashed tag (side-note, via bracket access) is kept;
• a transform that does not respect render is still removed so render wins.

I checked it both ways: the first case fails on main (transform deleted) and passes with this change. The full package suite is green too. pnpm --filter @astrojs/markdoc test runs 50 tests, including the existing render-with-transform test for #9708. tsc -b, biome check, prettier --check, and eslint are all clean on the changed files.

Docs

No docs changes. This restores the documented behavior (a custom render together with a custom transform) for tag and node names that contain dashes, and there is no public API change.

Changes

• astro check (and any command that auto-installs dependencies through getPackage) failed to find typescript and @astrojs/check when Astro itself is installed outside the project directory (e.g. a pnpm global/virtual store, or a monorepo where the store isn't under the project).
• Root cause: getPackage resolved the dependency with require.resolve(pkg, { paths: [cwd] }) but then loaded it with a bare import(pkg). A bare specifier resolves relative to Astro's own location, not the project, so the import threw ERR_MODULE_NOT_FOUND even though the package existed in the project.
• Fix: import the resolved absolute path via pathToFileURL(...), so dependencies are loaded from the project directory. The same fix is applied to the post-install import path. Resolving first with require.resolve is preserved (it also avoids caching a failed ESM import before installing).
• Added a changeset (astro patch).

Fixes #17135.

Note: the root cause was already diagnosed by @astrobot-houston in the issue, and @matthewp verified the same fix via the pkg.pr.new preview (astro@9a53f77). Since the previous fix branch was lost, this PR provides a ready implementation with a regression test.

Testing

• Added packages/astro/test/units/cli/install-package.test.ts: installs a dependency only inside a temporary project's node_modules (outside Astro's resolution scope) and asserts getPackage loads it from the provided cwd. This fails on the old bare-import behavior and passes with the fix.
• pnpm --filter astro exec astro-scripts test "test/units/cli/install-package.test.ts" --strip-types → 1 passing.
• biome check, prettier --check, and eslint pass on the changed files.

Docs

No docs changes needed — this restores the documented behavior (resolving dependencies from the user's project) without changing any public API.

Changes

• In dev mode, when multiple routes match a URL pattern, an error thrown inside one route's getStaticPaths() no longer prevents other candidate routes from being tried. Previously, any non-routing error was immediately re-thrown, causing valid sibling routes to return a 500 instead of their correct response.
• The fix stores the first non-routing error and defers re-throwing it until all candidates are exhausted without a match, so the error still surfaces when there's genuinely no valid route.

Closes #9819

Testing

• Added packages/astro/test/units/routing/dev-match-fallthrough.test.ts with two cases: one verifying that route B is matched when route A's getStaticPaths throws, and one verifying the error is still re-thrown when no valid alternative exists.

Docs

• No docs update needed; this is a dev-mode bug fix with no API or user-facing behavior change beyond the bug itself.

Changes

• When pnpm's minimumReleaseAge policy blocks an install, @astrojs/upgrade now shows a clear message explaining that pnpm's policy is the cause, instead of the generic "Dependencies failed to install" message.
• Fixes shell.ts falling back to stdout when stderr is empty on failure. pnpm writes its MINIMUM_RELEASE_AGE_VIOLATION error to stdout, so the previous code discarded it entirely and threw a meaningless "Process exited with code 1" error.

Testing

• Adds 'pnpm minimumReleaseAge error shows specific message' in packages/upgrade/test/install.test.ts: verifies that a MINIMUM_RELEASE_AGE_VIOLATION shell error surfaces the minimumReleaseAge message and suppresses the generic fallback.

Docs

• No docs update needed — this is a CLI error message improvement with no API or configuration surface change.

Closes #17182

Changes

• Adds astro/virtual-modules/transitions.js to the Cloudflare adapter's server optimizeDeps.include list. This prevents Vite from discovering the module mid-request during cold SSR, which was triggering an optimizer reload that invalidated React's hook dispatcher and caused "Invalid hook call" / useContext null errors when using <ClientRouter />.

Testing

• No new tests — the bug only manifests with npm-installed packages (not workspace-linked), so it cannot be reproduced in the monorepo's test suite. The reporter confirmed the fix works in their minimal repro.

Docs

• No docs update needed — this is an internal dev-server reliability fix.

Closes #17166

Changes

• This reverts a patch to changesets added in #15813
• It is no longer needed and causes a turborepo warning (and perhaps we could look at whether it should be upstreamed)

Testing

n/a — dependency change only, existing tests should pass, as should our next release

Docs

n/a

Changes

• Adds a --no-ai flag to create astro, so users can opt out of creating AGENTS.md and CLAUDE.md files if they don’t need them.
• Avoids people having to manually clean up after running create astro.

Testing

Added a small test to make sure the CLI flag is interpreted correctly.

Docs

AFAIK we only document the full list of flags in the package README, so I’ve updated that. That’s what’s linked in the docs here: https://docs.astro.build/en/install-and-setup/#cli-installation-flags
/cc @withastro/maintainers-docs for feedback!

Summary

• update Issue Triage to withastro/triagebot-action v0.3.8
• picks up restored preview release publishing and expanded triage logging

Tests

• Not run (workflow pin update only)

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

create-astro@5.2.0

Minor Changes

• #17185 d64b09b Thanks @delucis! - Adds a --no-ai flag to allow users to opt out of creating AGENTS.md and CLAUDE.md files when running create astro

astro@7.0.3

Patch Changes

• #17189 24d2c9e Thanks @astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

• #16932 8f4a3db Thanks @fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

• #17087 fb0ab02 Thanks @jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

@astrojs/cloudflare@14.0.1

Patch Changes

• #17175 7a7d879 Thanks @astrobot-houston! - Fixes astro dev OOM crashes for @astrojs/cloudflare users on Vite 8 by migrating the frontmatter scan plugin to Rolldown-compatible options.

• #17187 0db4b57 Thanks @matthewp! - Fixes React invalid hook warning during cold SSR optimizer reload when using ClientRouter

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

@astrojs/markdoc@2.0.1

Patch Changes

• #17142 973ea49 Thanks @astrobot-houston! - Fixes a crash when rendering shiki-highlighted code blocks inside list items

@astrojs/upgrade@0.7.3

Patch Changes

• #17188 675d11d Thanks @astrobot-houston! - Fixes @astrojs/upgrade showing a generic error when pnpm's minimumReleaseAge policy blocks installation. The error message now explains that pnpm's policy blocked the update and suggests running the install command manually.

Summary

• update issue triage workflow to triagebot-action v0.3.7
• v0.3.7 adds Flue event logging so triage runs show thinking/tool/log progress in Actions

Testing

• git diff --check

Changes

• Fixes astro dev OOM crashes for @astrojs/cloudflare users on Vite 8. The adapter's .astro frontmatter scan plugin was registered via optimizeDeps.esbuildOptions.plugins, which Vite 8 deprecates and ignores. Without the plugin, Vite's HTML scanner misparses .astro frontmatter comments containing backticks (e.g. // Use a `<script>` tag), causing a Rolldown PARSE_ERROR that skips pre-bundling entirely and can OOM the workerd isolate at startup.
• Adds a Rolldown-compatible frontmatter scan plugin (rolldown-plugin-astro-frontmatter.ts) and switches the configEnvironment hook to register it via optimizeDeps.rolldownOptions. Also removes the banner: { js: '' } workaround, which was esbuild-specific and no longer needed.

Closes #17168

Testing

• No new tests added — existing suites (ssr-deps, top-level-return, ts-astro-import, user-optimize-deps) already cover the frontmatter scan plugin behavior and all pass with the new Rolldown plugin.

Docs

• No docs update needed; this is a bug fix with no user-facing API changes.

Summary

• update issue triage workflow to triagebot-action v0.3.6
• v0.3.6 fixes verified-fix PR creation for legacy flue/fix-* branches and delays the issue verified label until PR creation succeeds

Testing

• git diff --check

Summary

• update issue triage workflow to triagebot-action v0.3.5
• v0.3.5 adds mocked triage-flow integration coverage in triagebot-action

Testing

• git diff --check

Summary

• update issue triage workflow to triagebot-action v0.3.3
• v0.3.3 fixes the bundled action syntax error from duplicate createRequire declarations
• v0.3.3 also adds integration tests that run the built action entrypoint and standalone Flue session initialization

Testing

• git diff --check

Summary

• update issue triage workflow to use triagebot-action v0.3.2
• v0.3.2 fixes Flue session initialization now that the triage code runs as a standalone GitHub Action instead of under flue run

Testing

• git diff --check

Summary

• update issue triage workflow to use triagebot-action v0.3.1
• v0.3.1 fixes hyphenated action input parsing for inputs like read-token

Testing

• git diff --check

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@7.0.2

Patch Changes

• Updated dependencies [3b5e994]:
  • @astrojs/markdown-satteri@0.3.2

@astrojs/markdown-satteri@0.3.2

Patch Changes

• #17165 3b5e994 Thanks @Princesseuh! - Fixes headings being listed twice in a page's headings metadata when an integration (such as Starlight) assigns heading IDs with its own heading pass before adding anchor links

Changes

That plugin can run twice in some situations, so it shouldn't blindly append to data

Testing

Added a test

Docs

N/A

For withastro/roadmap#1381

Changes

• Remove obsolete <meta http-equiv="X-UA-Compatible" content="IE=edge"> tags from Astro examples, fixtures, and templates.
• Keep the rest of the head markup unchanged.
• Simplify HTML output and remove legacy IE-only boilerplate.

Testing

• Updated the affected fixtures and example files.
• Verified the change is limited to removing the legacy meta tag.

Docs

• No docs update needed.
• This change removes a legacy browser compatibility tag that is no longer useful for modern browser output.

Changes

• Adds a new createIslandSignal function exported from @astrojs/solid-js/signals that lets users create signals in .astro frontmatter and pass them to multiple client:* Solid components. All islands sharing the same signal get a single reactive instance on the client, so updating it in one island updates all others.
• Signals are detected on the server via Symbol-based branding (Solid signal getters are plain functions with no intrinsic identity, unlike Preact signals which are duck-typeable objects). The server serializes a data-solid-signals JSON attribute mapping prop names to shared signal IDs ("sg0", "sg1", etc.). On the client, a module-level sharedSignalMap creates or reuses createSignal tuples by ID.
• Supports getter props, setter props (encoded with a ! suffix on the signal ID), and signals nested inside arrays or objects.
• Signal values remain callable during SSR (unlike Preact, where .peek() scalars replace signals before render). Props are replaced with scalar values only after rendering, before Astro's serializeProps runs.

Testing

• packages/integrations/solid/test/signals.test.ts — Integration tests verifying data-solid-signals serialization: shared signals between islands get the same ID, array signals produce [id, index] tuples, object signals produce [id, key] tuples, and SSR output contains correct values.
• packages/astro/e2e/solid-signals.test.ts — E2E tests verifying signals hydrate with the correct initial value and that clicking a button in one island reactively updates a shared signal displayed in another island.

Docs

• Docs update needed to document the new @astrojs/solid-js/signals export and createIslandSignal API. Not included in this PR.

Changes

Fixes an issue where using --background --host didn't take the new URLs into consideration.

Testing

Added new tests

Docs

No changes. The feature should be supported out of the box.

Closes #17156

Changes

• Tsconfig path aliases in CSS url() calls (e.g. background-image: url('@assets/ok.png')) now resolve correctly during build, restoring behavior from Astro 6.
• The astro:tsconfig-alias-css pre-transform plugin previously only rewrote @import specifiers. Added a cssUrlRE regex to also rewrite url() references before Vite processes them. In Vite 8, CSS url() resolution does not go through user resolveId hooks, making the pre-transform rewrite the only viable approach.

Testing

• New fixture and test (alias-css-url.test.ts) covering the regression: a <style> tag using url('@assets/ok.png') with a tsconfig @assets/* alias, verified to produce a resolved asset path in the build output.

Docs

• No docs update needed; this restores existing documented behavior for tsconfig aliases in CSS.

Changes

The job wasn't working properly anymore, and I believe the cause was the concurrency part.

Testing

Green CI

Docs

Changes

With the upgrade to Astro 7 I ran into:

[sass] Error: Can't find stylesheet to import.
    ╷
  2 │     @import "@styles/_variables.scss";

in .astro files that have <style lang="scss">.

This extends the workaround fix for aliases.

Testing

Tested it by changing this locally.
Extended the css test case to also test scss imports.

Docs

No doc updates needed, just restores previous behavior.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@7.0.1

Patch Changes

• #17151 ccceda3 Thanks @matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

• #17158 164df87 Thanks @ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

• #17141 d785b9d Thanks @astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

• #17150 1a61386 Thanks @matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

Changes

• Switches agent detection in astro dev from isAgent() to detectAgenticEnvironment().type === "agent", excluding "hybrid" environments from auto-background mode. isAgent() returns true for both "agent" and "hybrid" types, which causes false positives in terminals like Warp that set TERM_PROGRAM=WarpTerminal.
• Bumps am-i-vibing from ^0.3.0 to ^0.4.0 which classifies Warp as "hybrid" and includes the latest provider list.

Reported in ascorbic/am-i-vibing#89 and Discord.

Testing

• No test changes. The fix is a one-line predicate change in isRunByAgent() and there are no existing tests for agent detection.

Docs

• No docs update needed. This is a bug fix to existing behavior.

Changes

• Spawns process.execPath (node) directly with node_modules/astro/bin/astro.mjs instead of going through the node_modules/.bin/astro shim. On Windows, npm/pnpm/yarn create .cmd batch file shims in .bin/ that cannot be executed by child_process.spawn() without shell: true, causing spawn() to fail and child.pid to be undefined.

Closes #17146

Testing

• No new tests. The spawn codepath in background.ts has no integration test coverage on any platform — existing tests only cover pure formatting/parsing helpers.

Docs

• No docs changes needed. This is an internal bug fix; the --background flag API is unchanged.

Changes

• Fixes a TypeError: node.children.map is not a function crash when using @astrojs/markdoc with the shiki extension and placing a fenced code block inside a list item.
• The root cause is an async/sync mismatch: the shiki fence transform is async, so Markdoc's internal transformChildren() returns a Promise when a code fence is nested in a list. Markdoc's built-in list node has a custom transform() that passes this Promise directly to new Tag() without awaiting it, leaving Tag.children as an unresolved Promise. createTreeNode() in TreeNode.ts then crashes calling .map() on it.
• Fixed by adding await Promise.resolve(node.children) in createTreeNode() before calling .map(), which defensively resolves any Promise-valued children. Synchronous case is unaffected (resolving a non-Promise is a no-op).

Closes #17126

Testing

• Added a test case in packages/integrations/markdoc/test/syntax-highlighting.test.ts that renders a .mdoc file with a shiki-highlighted code fence nested inside a list item, confirming the page builds without error and the highlighted code is present in the output.

Docs

• No docs update needed — this is a bug fix for an internal rendering crash with no API changes.

Closes #17139

Changes

• Wraps all CSS generated by generateImageStylesCSS() in @layer astro.images { … }. Per the CSS cascade spec, unlayered styles always beat layered styles regardless of specificity — so the previous unlayered :where([data-astro-image=constrained]){max-width:100%} was silently overriding any user max-width defined inside a @layer, even though :where() has zero specificity. Putting these defaults into a named layer restores the original intent of :where(): Astro's image styles should always be easy for users to override.
• The layer name astro.images uses a dotted namespace to avoid collisions with user-defined layer names while remaining valid for CSS processors (e.g. lightningcss).
• Note for users: to guarantee astro.images sits below your own layers, declare the order explicitly: @layer astro.images, layout, page, components;. Without an explicit order declaration, the first-seen layer wins — which may or may not be astro.images depending on stylesheet load order.

Testing

• Updated assertions in packages/astro/test/units/assets/utils.test.ts to expect the @layer astro.images { … } wrapper around the generated CSS output.

Docs

• No docs update needed. image.responsiveStyles is already documented as producing overridable defaults; this fix makes that promise actually true when users write CSS layers.

Changes

Root cause

When nested css file content updated, delete metadata, this cause full-reload.

if (isUpdatedFileCssDep) {
	astroFileToCompileMetadata.delete(astroFile);
}

Solution

Prevent full-reload by using compile metadata, and fall back to deleting metadata if undetected.

try {
	const code = await readFile(astroFile, 'utf-8');
	await compile(code, astroFile);
} catch {
	astroFileToCompileMetadata.delete(astroFile);
}

Testing

• Prepared test data in the fixture
• Mocked the HMR context
• Mocked and executed the handleHotUpdate function
• Verified that the metadata was not deleted

Before implementation

After implementation

Docs

close #16310

What changed

• adds a Cloudflare fixture with an Astro Action
• verifies two consecutive builds succeed while reusing the warm Vite dependency cache
• removes the broad three-attempt fixture build retry that masked stale prebundle failures

Why

Astro issue #16933 reported Cloudflare builds failing when src/actions/index.ts was present because dependency optimization could observe a stale prebundle. The runtime startup change in #16961 addressed the production failure; this PR adds deterministic regression coverage so that behavior remains protected and optimizer races fail visibly instead of being hidden by retries.

Validation

• Cloudflare integration build passes
• optimizer-sensitive test subset: 11 passed
• full Cloudflare adapter suite: 263 passed, 1 skipped, 0 failed
• Biome and Prettier checks pass
• lockfile frozen install check passes

Changes

• ctx.request.signal in the dev server now fires abort and sets signal.aborted = true when the client disconnects, matching production behavior with the Node adapter.
• In vite-plugin-app/app.ts, an AbortController is created per request, its abort() is wired to the socket's close event, and the signal is passed to createRequest() via the existing init option — no new API surface required.

Testing

• Adds a dev-signal-test API endpoint fixture that awaits either signal.abort or a 5-second timeout, returning { aborted }.
• Adds a new describe block in request-signal.test.ts that starts a dev server, aborts a fetch mid-flight, and asserts the endpoint observed aborted = true; a follow-up non-aborted request asserts aborted = false.

Docs

No docs update needed — this restores parity between dev and production; no user-facing API changed.

Closes #17120

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@7.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

• #16965 57ead0d Thanks @Princesseuh! - Makes 'jsx' the default value for compressHTML

  Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

  This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

• #16610 c63e7e4 Thanks @matthewp! - Adds background dev server management for AI coding agents.

  When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

  A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

  New flag and subcommands

  • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
  • astro dev stop — Stop a running background dev server.
  • astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
  • astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

  These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.

  What should I do?

  No action is required. If you are not using an AI coding agent, astro dev behaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can use astro dev stop to shut it down.

  To opt out of automatic background mode when an agent is detected, set the environment variable ASTRO_DEV_BACKGROUND=0 before running astro dev.

• #17010 0606073 Thanks @ocavue! - Removes the @astrojs/db package as it is no longer maintained.

  The @astrojs/db package were deprecated in v6.4.5 and is now removed. This means the astro db, astro login, astro logout, astro link, and astro init CLI commands have also been removed.

  If you were using Astro DB in your project, remove @astrojs/db from your project's dependencies and replace it with one of the following alternatives:

  • Node.js built-in SQLite: Node.js now includes a built-in node:sqlite module (available since Node.js v22.5.0). This is a good option if you are using the Node.js adapter and were using @astrojs/db for local SQLite storage.
  • Drizzle ORM: If you were using @astrojs/db for its Drizzle-based schema and query API, you can use Drizzle directly with any supported database.
  • Other database libraries: Use any database library that suits your deployment platform (e.g. Turso, PlanetScale, Neon).

• #16462 c30a778 Thanks @Princesseuh! - Replaces the Go compiler with a Rust-based version.

  The Rust-based Astro compiler (@astrojs/compiler-rs) is now the default compiler. This new compiler is faster and more reliable, leading to faster build times and iteration cycles during development.

  This new compiler is more strict regarding invalid syntax. For example, unclosed HTML tags will now throw an error instead of being ignored. It also does not attempt to correct semantically invalid HTML anymore, instead leaving it to the browser to handle, similar to other tools or document.write() in JavaScript.

  The previous Go-based compiler has been removed, along with the experimental.rustCompiler flag used to opt into the Rust compiler. If you were setting experimental.rustCompiler in your astro.config.mjs, you can now remove it. No other action is required.

• #16966 6650ec2 Thanks @Princesseuh! - Makes Sätteri the default Markdown processor

  Astro now renders .md files with satteri() from @astrojs/markdown-satteri, its native Markdown pipeline, instead of the remark/rehype pipeline. @astrojs/markdown-remark is no longer installed by default.

  To keep using the remark/rehype pipeline, install @astrojs/markdown-remark and set it as your processor:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { unified } from '@astrojs/markdown-remark';
  
  export default defineConfig({
    markdown: {
      processor: unified(),
    },
  });

  The deprecated markdown.remarkPlugins, markdown.rehypePlugins, and markdown.remarkRehype options still work, but now require @astrojs/markdown-remark to be used.

• #16877 3b7d76e Thanks @matthewp! - Enables advanced routing by default.

  The advanced routing feature introduced behind a flag in v6.3.0 is no longer experimental and is now enabled by default.

  This gives full control over how requests flow through your application, with first-class support for frameworks like Hono.

  Advanced routing now uses src/fetch.ts as default entrypoint instead of src/app.ts.

  If you were previously using this feature without a custom entrypoint, please configure fetchFile or rename your entrypoint to src/fetch.ts, and then remove the experimental flag from your Astro config:

  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    experimental {
  -    advancedRouting: true,
    },
  +  fetchFile: 'app.ts' // optional, you only need this if you cannot rename your entrypoint.
  });

  fetchFile is now a top-level config option instead of being nested under experimental.advancedRouting. If you were using a custom entrypoint, please update your Astro config to move its configuration:

  // astro.config.mjs
  export default defineConfig({
  -  experimental: {
  -    advancedRouting: {
  -      fetchFile: 'my-custom-entrypoint.ts',
  -    },
  -  },
  +  fetchFile: 'my-custom-entrypoint.ts',
  })

  You can also set fetchFile: null to disable the entrypoint if you are using src/fetch.ts for another purpose, or don’t need advanced routing features.

  If you have been waiting for stabilization before using advanced routing, you can now do so.

  Please see the advanced routing guide in docs for more about this feature.

• #16725 10229f7 Thanks @ArmandPhilippot! - Removes deprecated APIs exported from astro:transitions.

  In Astro 6.x, some helpers available in astro:transitions and astro:transitions/client were deprecated.

  In Astro 7.0, the following APIs can no longer be used in your project:

  • TRANSITION_BEFORE_PREPARATION
  • TRANSITION_AFTER_PREPARATION
  • TRANSITION_BEFORE_SWAP
  • TRANSITION_AFTER_SWAP
  • TRANSITION_PAGE_LOAD
  • isTransitionBeforePreparationEvent()
  • isTransitionBeforeSwapEvent()
  • createAnimationScope()

  What should I do?

  Remove any occurrence of createAnimationScope():

  -import { createAnimationScope } from 'astro:transitions';

  Replace any occurrence of the other APIs using the lifecycle event names directly:

  -import {
  -	TRANSITION_AFTER_SWAP,
  -	isTransitionBeforePreparationEvent,
  -} from 'astro:transitions/client';
  
  -console.log(isTransitionBeforePreparationEvent(event));
  +console.log(event.type === 'astro:before-preparation');
  
  -console.log(TRANSITION_AFTER_SWAP);
  +console.log('astro:after-swap');

  Learn more about all utilities available in the View Transitions Router API Reference.

Minor Changes

• #16998 57dcc31 Thanks @matthewp! - Exposes getFetchState() from astro/hono as a public API

  The getFetchState() function retrieves or lazily creates a FetchState from a Hono context object. This allows third-party packages to build Hono middleware that interacts with Astro's per-request state, giving the astro/hono API the same extensibility as astro/fetch.

  import { Hono } from 'hono';
  import { getFetchState, pages } from 'astro/hono';
  
  const app = new Hono();
  
  app.use(async (context, next) => {
    const state = getFetchState(context);
    state.locals.message = 'Hello from custom middleware';
    await next();
  });
  
  app.use(pages());
  
  export default app;

• #16996 300641e Thanks @florian-lefebvre! - Adds a subset field to the FontData type exposed via fontData from astro:assets. When using multiple font subsets (e.g., subsets: ["latin", "korean"]), each font data entry now includes the subset name, making it possible to distinguish between font entries for different subsets that share the same weight and style.

• #16745 f864a80 Thanks @ematipico! - The custom logger feature introduced behind a flag in v6.2.0 is no longer experimental and is available for general use.

  This feature provides better control over Astro's logging infrastructure by allowing you to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for on-demand rendering when connecting to log aggregation services such as Kibana, Logstash, CloudWatch, Grafana, or Loki.

  Astro provides three built-in log handlers (json, node, and console), and you can also create your own.

  JSON logging

  import { defineConfig, logHandlers } from 'astro/config';
  
  export default defineConfig({
    logger: logHandlers.json({
      pretty: true,
      level: 'warn',
    }),
  });

  Custom logger

  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    logger: {
      entrypoint: '@org/custom-logger',
    },
  });

  Additionally, context.logger is now always available in API routes and middleware, even without a custom logger configured.

  If you were previously using this feature, please remove the experimental flag from your Astro config:

  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
  -  experimental: {
  -    logger: {
  -      entrypoint: '@org/custom-logger',
  -    },
  -  },
  +  logger: {
  +    entrypoint: '@org/custom-logger',
  +  },
  });

  If you have been waiting for stabilization before using custom loggers, you can now do so.

  Please see the Logger docs for more about this feature.

• #16981 0d6d644 Thanks @ematipico! - Removes the setting experimental.queuedRendering. The new rendering engine is now stable and replaces the old one.

  As part of the stabilization, the queued rendering has been improved, and some features have been removed:

  • The construction of the queue has been removed, instead now Astro uses a streaming approach where components are rendered and flushed as they are encountered.
  • The node polling feature has been removed because it doesn't yield concrete savings.
  • The content cache has been descoped, and how only tag names are cached.
    If you were previously using this experimental feature, you must remove this experimental flag from your configuration as it no longer exists:

  // astro.config.mjs
  import { defineConfig } from "astro/config";
  
  export default defineConfig({
    experimental: {
  -    queuedRendering: {}
    }
  });

• #17116 f95e58e Thanks @ascorbic! - Stabilizes route caching, removing the experimental.cache and experimental.routeRules flags and replacing them with the top-level cache and routeRules configuration options.

  Route caching, introduced experimentally in v6.0.0, is now stable. It gives you a platform-agnostic way to cache responses from on-demand rendered pages and endpoints, based on standard HTTP caching semantics.

  Update your config to move cache and routeRules out of the experimental block:

  // astro.config.mjs
  import { defineConfig, memoryCache } from 'astro/config';
  
  export default defineConfig({
  -  experimental: {
  -    cache: {
  -      provider: memoryCache(),
  -    },
  -    routeRules: {
  -      '/blog/[...path]': { maxAge: 300, swr: 60 },
  -    },
  -  },
  +  cache: {
  +    provider: memoryCache(),
  +  },
  +  routeRules: {
  +    '/blog/[...path]': { maxAge: 300, swr: 60 },
  +  },
  });

  Set caching directives in your routes with Astro.cache (in .astro pages) or context.cache (in API routes and middleware), and Astro translates them into the appropriate headers or runtime behavior depending on your configured cache provider. You can also define cache rules for routes declaratively in your config using routeRules, without modifying route code.

  See the route caching guide for more information.

Patch Changes

• #16980 1f07343 Thanks @matthewp! - Removes state.provide(), state.resolve(), state.finalizeAll(), and App.Providers from the public advanced routing API. These context provider extension points are now internal-only. If you were using them in an integration, use locals to share per-request state instead.

• #17111 c0f33ed Thanks @ematipico! - Harden the limits on the number of decoding on the URL.

• #16982 1e000e2 Thanks @matthewp! - Improves the warning when accessing Astro.session without session storage configured. The session property is now always defined on the context object, and accessing it without configuration logs a helpful message instead of silently returning undefined.

• #16335 9a53f77 Thanks @ascorbic! - Adds shared helper utilities for CDN cache provider authors for route caching

  Exports astro/cache/provider-utils with helpers for building platform-specific cache-control headers, generating path-based invalidation tags, and normalizing invalidation options. These are used internally by the first-party Netlify, Vercel, and Cloudflare cache providers.

• #17095 e84ebc0 Thanks @matthewp! - Improves build performance by removing an unfiltered transform hook from the astro:head-metadata-build plugin. Head propagation modules are now identified by their module ID (?astroPropagatedAssets) instead of scanning every module's source code.

• #17041 4c4a91c Thanks @iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetch pages() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when a page threw during render. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way.

• #17097 5e340d7 Thanks @iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetch middleware() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when middleware threw. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way. Errors surfaced through next (the host framework's downstream chain) still propagate to the host's own error handler.

• #15819 cafec4e Thanks @delucis! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #17104 b074a37 Thanks @iseraph-dev! - Fixes the custom 500.astro page receiving an empty error prop when the error originated in middleware.

• #17078 04547ec Thanks @astrobot-houston! - Fixes a spurious Astro.request.headers warning on prerendered pages when security.allowedDomains is configured. The internal allowedDomains header validation now skips prerendered routes, since they use synthetic requests with no real headers.

• #16603 deaaf3f Thanks @alexanderniebuhr! - Removes the warning that Astro does not support vite v8, since Astro v7 does support vite v8

• #16335 9a53f77 Thanks @ascorbic! - Passes the Request object to CacheProvider.setHeaders() for route caching

  Cache providers now receive the incoming Request as a second argument to setHeaders(options, request). This allows CDN providers to read the request URL, headers, and other properties when generating cache response headers, for example to auto-tag responses with their pathname for path-based invalidation.

• #17098 637a1b6 Thanks @matthewp! - Fixes internal Astro headers leaking from direct pages() handler responses

• #17090 3cf76c0 Thanks @matthewp! - Fixes Vite and Rolldown build warnings

• #16434 ee079d4 Thanks @ematipico! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

• Updated dependencies [7e7ab87, ff7b718, 241250b]:

  • @astrojs/markdown-satteri@0.3.1

@astrojs/alpinejs@1.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/cloudflare@14.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #16335 9a53f77 Thanks @ascorbic! - Adds an opt-in CDN cache provider for Astro route caching on Cloudflare Workers

  [!WARNING]
  This provider requires the Cloudflare Workers Cache feature, which is currently in private beta. It is opt-in: nothing changes unless you import cacheCloudflare() and set it as your provider. But without beta access it does not work and should not be used. Cloudflare Workers run in front of the cache, so cached responses are never served, and calling cache.invalidate() throws an error.

  Setup

  Import cacheCloudflare() from @astrojs/cloudflare/cache and set it as your cache provider:

  import { defineConfig } from 'astro/config';
  import cloudflare from '@astrojs/cloudflare';
  import { cacheCloudflare } from '@astrojs/cloudflare/cache';
  
  export default defineConfig({
    adapter: cloudflare(),
    cache: {
      provider: cacheCloudflare(),
    },
  });

  The adapter automatically enables the Worker caching layer when a Cloudflare cache provider is configured. No manual wrangler.jsonc changes are needed.

  Caching responses

  Use Astro.cache.set() in your pages and API routes to cache responses. The provider sets Cloudflare-CDN-Cache-Control and Cache-Tag headers, which are read by Cloudflare's built-in caching layer. Cache hits bypass Worker execution entirely, meaning your Worker is not invoked for cached responses.

  ---
  Astro.cache.set({ maxAge: 300, tags: ['products'] });
  const data = await fetchProducts();
  ---
  
  <ProductList items={data} />

  You can also set cache rules for groups of routes in your config:

  cache: { provider: cacheCloudflare() },
  routeRules: {
    '/products/[...slug]': { maxAge: 3600, tags: ['products'] },
    '/api/[...path]': { maxAge: 60, swr: 600 },
  },

  Invalidation

  Purge cached responses by tag or path from any API route or server endpoint:

  // src/pages/api/purge.ts
  export async function POST({ request, cache }) {
    await cache.invalidate({ tags: ['products'] });
    return new Response('Purged');
  }
  
  // Path-based invalidation (implemented via an auto-generated path tag)
  await cache.invalidate({ path: '/products/123' });

  Both tag-based and path-based invalidation are supported.

Patch Changes

• #16961 96398e8 Thanks @adamchal! - Speeds up astro sync by no longer starting the Cloudflare runtime during type generation

• #16671 fd926fd Thanks @alexanderniebuhr! - Removes deprecations warnings added in Astro v6 for Cloudflare specific Astro.locals properties.

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

@astrojs/markdoc@2.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/mdx@7.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

• #17129 ff7b718 Thanks @Princesseuh! - Adds support for modifying frontmatter programmatically with the default Markdown processor.

  A Sätteri plugin can now read and mutate ctx.data.astro.frontmatter, and Astro uses the result as the page's frontmatter, in both Markdown and MDX.

Patch Changes

• #17124 7e7ab87 Thanks @Princesseuh! - Updates satteri to 0.9.0. See the Sätteri changelog for details.

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/netlify@8.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #16335 9a53f77 Thanks @ascorbic! - Adds a CDN cache provider for Astro route caching on Netlify

  Setup

  Import cacheNetlify() from @astrojs/netlify/cache and set it as your cache provider:

  import { defineConfig } from 'astro/config';
  import netlify from '@astrojs/netlify';
  import { cacheNetlify } from '@astrojs/netlify/cache';
  
  export default defineConfig({
    adapter: netlify(),
    cache: {
      provider: cacheNetlify(),
    },
  });

  Caching responses

  Use Astro.cache.set() in your pages and API routes to cache responses on Netlify's edge network. The provider uses Netlify's durable cache so cached responses are shared across all edge nodes, reducing function invocations.

  ---
  Astro.cache.set({ maxAge: 300, tags: ['products'] });
  const data = await fetchProducts();
  ---
  
  <ProductList items={data} />

  You can also set cache rules for groups of routes in your config:

  cache: { provider: cacheNetlify() },
  routeRules: {
    '/products/[...slug]': { maxAge: 3600, tags: ['products'] },
    '/api/[...path]': { maxAge: 60, swr: 600 },
  },

  Invalidation

  Purge cached responses by tag or path from any API route or server endpoint:

  // src/pages/api/purge.ts
  export async function POST({ request, cache }) {
    await cache.invalidate({ tags: ['products'] });
    return new Response('Purged');
  }
  
  // Path-based invalidation
  await cache.invalidate({ path: '/products/123' });

  Both tag-based and path-based invalidation are supported.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

@astrojs/preact@6.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/react@6.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/solid-js@7.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/svelte@9.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

• #16549 9d9d516 Thanks @ocavue! - Updates @sveltejs/vite-plugin-svelte to v7. No user action is necessary.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/vercel@11.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #16335 9a53f77 Thanks @ascorbic! - Adds a CDN cache provider for Astro route caching on Vercel

  Setup

  Import cacheVercel() from @astrojs/vercel/cache and set it as your cache provider:

  import { defineConfig } from 'astro/config';
  import vercel from '@astrojs/vercel';
  import { cacheVercel } from '@astrojs/vercel/cache';
  
  export default defineConfig({
    adapter: vercel(),
    cache: {
      provider: cacheVercel(),
    },
  });

  Caching responses

  Use Astro.cache.set() in your pages and API routes to cache responses on Vercel's edge network. The provider sets Vercel-CDN-Cache-Control and Vercel-Cache-Tag headers on responses.

  ---
  Astro.cache.set({ maxAge: 300, tags: ['products'] });
  const data = await fetchProducts();
  ---
  
  <ProductList items={data} />

  You can also set cache rules for groups of routes in your config:

  cache: { provider: cacheVercel() },
  routeRules: {
    '/products/[...slug]': { maxAge: 3600, tags: ['products'] },
    '/api/[...path]': { maxAge: 60, swr: 600 },
  },

  Invalidation

  Purge cached responses by tag or path from any API route or server endpoint:

  // src/pages/api/purge.ts
  export async function POST({ request, cache }) {
    await cache.invalidate({ tags: ['products'] });
    return new Response('Purged');
  }
  
  // Path-based invalidation
  await cache.invalidate({ path: '/products/123' });

  Both tag-based and path-based invalidation are supported. Tag invalidation is a soft invalidation, marking cached responses as stale so they can be revalidated in the background via stale-while-revalidate.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/vue@7.0.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

create-astro@5.1.0

Minor Changes

• #17122 cbd6123 Thanks @matthewp! - Adds a default AGENTS.md file to new projects with dev server instructions and documentation links. Also creates a CLAUDE.md symlink (with hard link fallback) pointing to AGENTS.md.

@astrojs/node@11.0.0

Patch Changes

• #17054 d426b67 Thanks @astrobot-houston! - Fixes an issue where Astro files with non-ASCII characters in their name weren't correctly served after the build.

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/markdown-satteri@0.3.1

Patch Changes

• #17124 7e7ab87 Thanks @Princesseuh! - Updates satteri to 0.9.0. See the Sätteri changelog for details.

• #17129 ff7b718 Thanks @Princesseuh! - Adds support for modifying frontmatter programmatically with the default Markdown processor.

  A Sätteri plugin can now read and mutate ctx.data.astro.frontmatter, and Astro uses the result as the page's frontmatter, in both Markdown and MDX.

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

Changes

Reworks the way metadata flows through Sätteri so that plugins can modify it, like you can on remark. This makes the code very similar to remark's and unlocks the ability for users to modify the frontmatter.

Testing

Added tests

Docs

Will need some updates, but nothing is technically untrue if this is merged, so could be done separately.

Changes

• scripts/turbo-run-affected.js appended the changed-file range [origin/<base>...HEAD] to every --filter, including exclusions like !./packages/language-tools/**/*. That scoped the exclusion to packages that themselves changed (and skipped the {…} directory wrapping it applies to normal directory filters), so the exclusion stopped applying.
• As a result, an excluded package was still selected when affected by an upstream change: @astrojs/ts-plugin (affected whenever astro changes) got pulled into the test:integrations suite, which has no xvfb, so its VS Code test segfaults. It normally hides behind a turbo cache hit and only surfaces on a cold cache (e.g. a PR that touches pnpm-lock.yaml).
• Fix: pass exclusion filters (!…) through unchanged so they stay absolute. The ts-plugin/VS Code tests then run only in the dedicated test-language-tools job (which sets up xvfb and already marks them non-failing).
• No changeset: this only touches CI scripting, with no changes to any published package.

Testing

Verified with turbo run test … --dry=json (planning only, no tests executed), using the stabilise-cache range — a real case where astro changed but no language-tools package did, which is what triggers the bug:

• Inclusion only — --filter="@astrojs/*[origin/main...origin/stabilise-cache]" selects @astrojs/ts-plugin and @astrojs/language-server (affected via their dependency on astro).
• Old behavior — adding the range-scoped exclusion --filter="!./packages/language-tools/**/*[origin/main...origin/stabilise-cache]" (what the script produced before): ts-plugin and language-server are still selected. ❌
• Fixed behavior — adding the absolute exclusion --filter="!./packages/language-tools/**/*" (what the script produces now): ts-plugin and language-server are excluded. ✅

So test:integrations no longer pulls in language-tools packages, and the ts-plugin/VS Code tests run only in the dedicated test-language-tools job.

Docs

No docs needed: this is internal CI tooling with no user-facing behavior change.

Changes

Just a bump to latest, fixes a few issues and improves performance with plugins.

Testing

Should pass

Docs

N/A

The client router didn't copy server islands marker comments during head swap.
Now it does.

Closes #17105

Server islands within the <head> might very well not match their initial intention.
Nevertheless, I decided for this fix as it was quicker and less disruptive than documenting and checking that server:defer isn't used inside the <head>. Also, I saw no technical reason to prevent this and maybe the abiliability to comes in handy some day ;-)

Testing

New e2e test

Docs

n.a. / bug fix.

Changes

• create-astro now generates an AGENTS.md in new projects with dev server background mode instructions and links to commonly needed Astro docs.
• Creates a CLAUDE.md symlink pointing to AGENTS.md, with a hard link fallback for Windows environments without Developer Mode.

Testing

• Added generateAgentsMd tests verifying the background dev command and documentation links are present.

Docs

• No docs update needed. This is a scaffolding change that generates a file for AI coding agents, not a user-facing API.

Changes

• Adds new config serverIslandHostname
• Updates manifests (serialized and plugin) to use the new config value
• Refactors existing logic for prepending config.base such that there won't be duplicated slashes

Testing

Tested using a local project that will make use of the feature.

Smoke tests:

• Run astro dev
  -- with new config set -- observe that the config value is included at the beginning of the server island URL
  -- with the new config unset -- observe that the config value is unchanged
• Run astro build
  -- with new config set -- observe that generated static code includes new config value at the beginning of the server island URL
  -- with the new config unset -- observe that the config value is unchanged

Ran unit tests for packages/astro

Docs

@withastro/maintainers-docs

This could affect the user's behavior if a user sets this value and isn't aware that they need to deploy the server side application to wherever this new hostname is proxying.

withastro/docs#14130

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

main is currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, run changeset pre exit on main.

⚠️⚠️⚠️⚠️⚠️⚠️

Releases

astro@7.0.0-beta.6

Minor Changes

• #17116 f95e58e Thanks @ascorbic! - Stabilizes route caching, removing the experimental.cache and experimental.routeRules flags and replacing them with the top-level cache and routeRules configuration options.

  Route caching, introduced experimentally in v6.0.0, is now stable. It gives you a platform-agnostic way to cache responses from on-demand rendered pages and endpoints, based on standard HTTP caching semantics.

  Update your config to move cache and routeRules out of the experimental block:

  // astro.config.mjs
  import { defineConfig, memoryCache } from 'astro/config';
  
  export default defineConfig({
  -  experimental: {
  -    cache: {
  -      provider: memoryCache(),
  -    },
  -    routeRules: {
  -      '/blog/[...path]': { maxAge: 300, swr: 60 },
  -    },
  -  },
  +  cache: {
  +    provider: memoryCache(),
  +  },
  +  routeRules: {
  +    '/blog/[...path]': { maxAge: 300, swr: 60 },
  +  },
  });

  Set caching directives in your routes with Astro.cache (in .astro pages) or context.cache (in API routes and middleware), and Astro translates them into the appropriate headers or runtime behavior depending on your configured cache provider. You can also define cache rules for routes declaratively in your config using routeRules, without modifying route code.

  See the route caching guide for more information.

Patch Changes

• #17090 3cf76c0 Thanks @matthewp! - Fixes Vite and Rolldown build warnings

• Updated dependencies [7e7ab87]:

  • @astrojs/markdown-satteri@0.3.1-beta.2

create-astro@5.1.0-beta.0

Minor Changes

• #17122 cbd6123 Thanks @matthewp! - Adds a default AGENTS.md file to new projects with dev server instructions and documentation links. Also creates a CLAUDE.md symlink (with hard link fallback) pointing to AGENTS.md.

@astrojs/cloudflare@14.0.0-beta.3

Patch Changes

• #16961 96398e8 Thanks @adamchal! - Speeds up astro sync by no longer starting the Cloudflare runtime during type generation

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

@astrojs/mdx@7.0.0-beta.4

Patch Changes

• #17124 7e7ab87 Thanks @Princesseuh! - Updates satteri to 0.9.0. See the Sätteri changelog for details.

@astrojs/markdown-satteri@0.3.1-beta.2

Patch Changes

• #17124 7e7ab87 Thanks @Princesseuh! - Updates satteri to 0.9.0. See the Sätteri changelog for details.

Follow-up to #3923, this PR cleans up various parts regarding aside and heading link icons:

• The Unified/Sätteri aside plugins now uses the same Starlight icons as the existing ones already rendered by the <Aside> component
• The Unified/Sätteri heading link plugins and <AnchorHeading> component now uses a new common Starlight icon (link-alt to match the Unicons naming)
• As it felt weird to only add new link-alt icon, I also added the matching link icon

The diff also shows how much more minified the aside component icons are compared to our previous Markdown plugin ones. I wonder if we forgot to minify them or just used a different preset 🤷

Not quite sure if a changeset for the deduping part of the PR should be added. Visually, nothing changed, and it's mostly SVG path changes. And if yes, not quite sure how to phrase it as my attempts so far kinda hinted wrong icons were rendered which is not the case 😅 Finally managed to write something I'm happy with.

Changes

Stabilises the route caching feature. Moves the cache and routeRules configuration from experimental to top-level config.

It is not enabled by default, and needs a cache provider to be configured. This will likely be enabled for adapters once #16335 lands.

Testing

Updated tests

Docs

Draft docs: withastro/docs#13977

Changes

I moved the code for issue triage over to https://github.com/withastro/triagebot-action so that:

• Easier to test in isolation, don't have to "merge and pray" like we do now when making changes.
• Potentially use triage in other projects, although no plans to add it yet.

Additionally I took the opportunity to make it into a full state machine, there are no more unknown states and the triage bot can recover from, for example, the reporter saying that the issue isn't fixed by the pending fix.

Also standardized the label names for consistency with triage: {name} format.

This PR removes the Flue code which now lives there, and uses the action.

Testing

• The action has its own unit tests (27 passing) covering the FSM router and label management.

Docs

• No docs update needed. This is an internal CI automation change.

Changes

This PR cherry-pick the changes we just shipped in Astro v6.4.8

Testing

Green CI

Docs

N/A

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to 6-legacy, this PR will be updated.

Releases

astro@6.4.8

Patch Changes

• #17109 27c80ea Thanks @ematipico! - Harden the limits on the number of decoding on the URL.

Changes

Improves the hardening of decoded URLs

Testing

Added new tests

Docs

N/A

Changes

• When a non-root base is set, the Cloudflare adapter now relocates public/_redirects to the assets root (dist/client/_redirects) alongside .assetsignore and _headers. Previously, the file was left at dist/client/<base>/_redirects where Cloudflare Workers Assets can't find it, silently dropping all user-defined redirects in production.
• Because relocation happens before the auto-generated-redirects step, user-defined rules land at the root first and any route-derived redirects are correctly appended afterward.

Testing

• Added two test cases to with-base.test.ts: one verifying _redirects exists at the client root (not nested under the base path), and one verifying user-defined redirect content from public/_redirects is preserved after build.
• Added public/_redirects to the with-base fixture.

Docs

• No docs update needed; this is a bug fix restoring behavior consistent with the default base: '/' case.

Closes #17101

Changes

• Updates the fix-verification flue workflow model from claude-sonnet-4-20250801 (which does not exist) to claude-sonnet-4-6 (Claude Sonnet 4.6, the current production Sonnet). The previous model claude-sonnet-4-20250514 was deprecated, and #17100 attempted to update it but used a non-existent model ID.

Testing

• No test changes. The fix-verification workflow runs in CI via the Fix Verify GitHub Action — a successful run confirms the model resolves correctly.

Docs

• No docs needed; internal CI workflow change only.

Changes

Follow-up to #17041 and #17097. The #17097 description flagged one item as out of scope: on the composable astro/hono path the custom 500.astro rendered with an empty error prop, so Astro.props.error was undefined and the page could not show what threw. It turns out this is not specific to astro/hono, and not a middleware-handler issue. It lives in the production error handler and affects the standard adapter as well.

When middleware throws, the path's catch calls app.renderError(..., { error }). DefaultErrorHandler.renderError then renders the matching 500.astro by running the middleware chain again (so middleware can still set headers, locals, etc. on the error page). The error state reuses the original request, so the same user middleware runs again and throws again. The handler catches that and retries with skipMiddleware: true ("middleware may be the cause of the error"), but the retry object dropped the original error. It fell out of the spread and reached the error page as undefined.

The result: any path that rendered a custom 500 for a middleware-thrown error lost Astro.props.error (the standard @astrojs/node adapter, the all-in-one astro() handler, and the composable middleware()). Page-render errors via pages() were unaffected, because the middleware does not re-throw on the error render, so the first attempt succeeds with the error intact. The dev error handler was also unaffected; it already forwards an error on its retry.

The fix carries the original error through the skip-middleware retry (one line in packages/astro/src/core/errors/default-handler.ts). BuildErrorHandler delegates to DefaultErrorHandler, so prerendered error pages pick up the same fix.

Testing

• Added a unit test in test/units/fetch/index.test.ts (the middleware() block): user middleware throws and the custom /500 page echoes Astro.props.error, asserting the thrown message reaches the page. It fails before the change (the error page renders blank) and passes after. The full unit suite stays green (2942 passing, 3 skipped).
• Verified end to end against the #17092 reproduction (Hono, app.use(middleware()) + app.use(pages()), node standalone, a 500.astro that prints Astro.props.error):
  • GET /boom (middleware throws) now renders 500.astro with the message boom from middleware, previously blank.
  • GET /page-throws still renders 500.astro with its message (no regression).
  • GET /does-not-exist still renders the custom 404, and GET / still returns 200.

Notes

• The retry passes the original error (the cause of the 500), which is what every non-retry path already passes. The dev handler instead forwards the re-thrown error on its retry; aligning the two is cosmetic and left out of this change.
• The deliberate "no error to report" reroute paths (the status-code 404/500 reroutes that pass error: null/undefined) are unchanged.

Changes

• The LLM returns literal \n (backslash + n) instead of actual newlines when producing a string via tool-call results. Unescapes them before posting to GitHub so comments render with real line breaks.

Testing

• No test changes. The .flue/ workflow code has no test harness; verified by inspecting the hex dump of the affected comment (bytes 5c 6e instead of 0a).

Docs

• No docs needed — internal bot infrastructure change.

Changes

• Updates the fix-verification flue workflow model from claude-sonnet-4-20250514 (EOL) to claude-sonnet-4-20250801. The old model is no longer available, causing verification runs to fail.

Testing

• No test changes — config-only update.

Docs

• No docs needed — internal CI workflow change.

Changes

• Keeps a user-configured image.service when the Cloudflare adapter is using imageService: 'compile', so custom getURL() and getHTMLAttributes() hooks are used while prerendering markup in workerd.
• Loads the configured custom service during the Node-side image generation pass, so custom transform() hooks are used for generated image assets.
• Extends imageService: 'custom' to also generate optimized image assets at build time, mirroring compile. It runs the configured image.service (or Astro's default Sharp service when none is set) during the Node-side generation pass, while continuing to use the configured service for runtime image handling.

The compile rows also cover the compound form imageService: { build: 'compile', runtime: ... }.

Testing

• Reworks the Cloudflare compile image service test coverage into a build-time generation matrix that exercises both imageService: 'compile' and imageService: 'custom' across three service configurations: no user service (Astro's default Sharp service), a Sharp-free custom service, and a Sharp-backed custom service. Each cell asserts:
  • hashed _astro/*.webp assets are generated at build time (real WEBP bytes, or the custom transform() marker for the Sharp-free user service);
  • custom getHTMLAttributes() markup is preserved;
  • the worker bundle deps match each mode's contract: compile stays Sharp-free (Sharp runs only on the Node side); custom reflects its configured runtime service — clean for a Sharp-free user service, but dragging Sharp in for both a Sharp-backed user service and the no-image.service default.

Docs

• The Cloudflare adapter guide could be updated to mention that the 'compile' mode “uses image.service, if defined otherwise a combination of internal dependencies to transform images locally at build time for prerendered routes.” And it could also mention that 'custom' will do the same thing during build time. But, it may not be necessary—I feel like this is what I expected to be the case. Happy to draft a withastro/docs PR.
• Draft docs PR withastro/docs#14095

Related PRs

• This is related to #16194, which adds an opt-in compound { build: 'cloudflare-binding' } mode so the Cloudflare Images binding transforms prerendered images during the build (writing optimized bytes directly, falling back to Sharp); this PR keeps local image-service generation paths working with custom image services and brings build-time generation to custom mode. The behaviors should compose: compile and custom respect custom local image services, while the opt-in cloudflare-binding build mode uses the Images binding.

Closes #16201

Changes

• Moves internal route/reroute metadata from response headers onto FetchState, preventing direct pages() responses from leaking x-astro-route-type or x-astro-reroute.
• Updates routing, i18n, endpoint, and no-op middleware handling to use state fields instead of internal response headers.

Testing

• Updated fetch unit tests to assert direct pages() responses do not expose Astro internal headers.
• Verified fetch, i18n, routing, and endpoint tests.

Docs

• No docs needed — internal metadata handling with no user-facing API changes.

Changes

On the composable astro/hono path, middleware() delegated straight to AstroMiddleware.handle(), with none of the app-level error handling AstroHandler provides on the standard path. A throw in the user's own src/middleware.ts therefore reached the host framework's default error handler (Hono: plain-text Internal Server Error) instead of rendering the custom 500.astro. The all-in-one astro() handler and the standard adapter path both render 500.astro for the same throw, so the gap was specific to composing middleware() on its own. This is the middleware counterpart of #16952 / #17041, which fixed the pages() side and flagged this as out of scope (#17092).

• Added AstroMiddleware.handleWithErrorFallback(app, state, renderRouteCallback) (core/middleware/astro-middleware.ts): wraps the middleware chain in a try/catch that logs the error and renders it via app.renderError(..., { status: 500, error }), the same behaviour AstroHandler.render() has on the standard path and PagesHandler.handleWithErrorFallback() got in #17041.
• #17041 noted the catch couldn't simply live here, because middleware()'s next is the host's next(): a plain try/catch would also swallow errors thrown by host middleware running below it in the chain and hide them from the user's own app.onError. A sentinel handles that. Errors surfaced through the route-dispatch callback (the host's next, i.e. middleware mounted below middleware()) are tracked and re-thrown, so only errors from Astro's own middleware become 500.astro while host errors still reach app.onError.
• Added the same unmatched-route guard pages() got in #17041. When no route matched (the custom 404 page is prerendered or absent, so routeData is unset), it returns a 404 marked with X-Astro-Error for the app's post-check instead of running middleware against a missing route. Without the guard, AstroMiddleware.handle() calls getProps() on the missing route, throws a TypeError, and the 500 catch above turns the unmatched request into a 500. This matches AstroHandler, which 404s before running middleware on the standard path.
• Switched middleware() in core/fetch/index.ts to delegate to the new method (delegation only, no logic added - that file keeps its exports as thin wrappers).
• Added a changeset (astro patch).

The triage on #17092 explored the same sentinel approach.

Testing

• Added 'renders the custom 500 page when user middleware throws' - verifies a throw in user middleware returns HTTP 500 with the custom 500 page content.
• Added 're-throws errors from the next callback instead of rendering the 500 page' - verifies an error surfaced through next propagates to the caller (so the host's error handling still runs) instead of being rendered as 500.astro.
• Added 'returns a marked 404 without running middleware when the custom 404 route is prerendered' - verifies an unmatched request returns HTTP 404 with the X-Astro-Error marker and that user middleware and next are not run.
• Verified end-to-end against the reproduction from #17092 (updated to cover both gaps; Hono, app.use(middleware()) + app.use(pages()), node standalone), and confirmed the composable path now matches the all-in-one astro() on every case:
  • GET /boom (throws in src/middleware.ts) -> 500 with the custom 500 page, previously Hono's plain-text Internal Server Error.
  • GET /page-throws -> 500 with the custom 500 page (the #17041 path, still working).
  • GET / -> 200.
  • With a host (Hono) middleware mounted below middleware() that throws, the request still reaches app.onError rather than 500.astro.
  • GET /does-not-exist (unmatched) with a prerendered custom 404 -> 404 rendering the custom 404 page, previously 500; with no custom 404 -> the default 404 page.

Out of scope (noticed while testing)

On the middleware path the rendered 500.astro gets an empty error prop, so the page can't show what threw. This looks pre-existing rather than introduced here: the all-in-one astro() handler behaves the same, while page-render errors via pages() do populate error. Better addressed separately.

Docs

• No docs update needed - this restores the documented custom-error-page behaviour on the composable path (the pages() counterpart was #17041).

Closes #17092

Changes

• Removes the unfiltered transform hook from astro:head-metadata-build that ran on every module in the build. This plugin was consuming 36% of total plugin time in PLUGIN_TIMINGS reports. Head propagation modules are now identified by checking for the ?astroPropagatedAssets query param on their module ID in generateBundle, instead of scanning every module's source code for the "use astro:head-inject" directive.
• Applies the same ID-based check to the dev plugin (astro:head-metadata) for consistency.
• Removes the now-unused hasHeadPropagationCall function and the "use astro:head-inject" directive from templates/content/module.mjs (redundant — the virtual content module already sets propagation: "in-tree" via module metadata).

Testing

• All 24 remaining head propagation unit tests pass (7 hint detection tests removed with the deleted module).
• Head propagation prerender, astro-head, and CSS order integration tests pass.
• Manual verification with examples/blog: added a component with global CSS to an MDX content entry, confirmed styles appear on the post page and do not bleed onto the blog index. Also confirmed that disabling the new check causes no regression because MDX uses the propagation: "self" metadata path independently.

Docs

• No docs needed — internal build performance improvement with no user-facing API changes.

Changes

Integration entrypoints are unsafe to import inside the app because they're:

• Not written with bundling in mind
• Can import some build-time only stuff

This PR fixes this by exporting the container renderer definition from a separate entrypoint, deprecating the old one for all integrations.

Fixes #16954
Fixes #17068

Testing

Updated tests to import from the new entrypoint

Docs

withastro/docs#14077

Changes

• Removes the deprecated resolve.alias customResolver option from the astro:tsconfig-alias plugin. CSS @import alias resolution is now handled by a separate enforce: "pre" transform hook that rewrites aliased specifiers to absolute paths before Vite's CSS plugin processes them. The existing resolveId hook for JS/TS imports is unchanged.
• Disables Rolldown's checks.pluginTimings in the build config to suppress the [PLUGIN_TIMINGS] warning that fires by default.

Testing

• All 4 existing alias test suites pass (11 tests), including alias-tsconfig.test.ts "works in css @import" which validates multi-path tsconfig alias resolution in CSS @import statements.

Docs

• No docs needed — internal warning suppression with no user-facing API changes.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

main is currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, run changeset pre exit on main.

⚠️⚠️⚠️⚠️⚠️⚠️

Releases

astro@7.0.0-beta.5

Major Changes

• #16965 57ead0d Thanks @Princesseuh! - Makes 'jsx' the default value for compressHTML

  Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

  This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

Patch Changes

• #17111 c0f33ed Thanks @ematipico! - Harden the limits on the number of decoding on the URL.

• #17095 e84ebc0 Thanks @matthewp! - Improves build performance by removing an unfiltered transform hook from the astro:head-metadata-build plugin. Head propagation modules are now identified by their module ID (?astroPropagatedAssets) instead of scanning every module's source code.

• #17041 4c4a91c Thanks @iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetch pages() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when a page threw during render. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way.

• #17097 5e340d7 Thanks @iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetch middleware() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when middleware threw. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way. Errors surfaced through next (the host framework's downstream chain) still propagate to the host's own error handler.

• #17104 b074a37 Thanks @iseraph-dev! - Fixes the custom 500.astro page receiving an empty error prop when the error originated in middleware.

• #17098 637a1b6 Thanks @matthewp! - Fixes internal Astro headers leaking from direct pages() handler responses

@astrojs/mdx@7.0.0-beta.3

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@astrojs/preact@6.0.0-beta.2

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@astrojs/react@6.0.0-beta.2

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@astrojs/solid-js@7.0.0-beta.2

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@astrojs/svelte@9.0.0-beta.4

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@astrojs/vue@7.0.0-beta.2

Minor Changes

• #17093 4585fe5 Thanks @Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@astrojs/react';
  + import { getContainerRenderer } from '@astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Close: #12175
Closes AST-188

Changes

When it defines a locale-specific page like /pt/404.astro,

• Astro resolves it for missing /pt/* routes, returns the correct 404 status for /pt/404,
• keeps normal routes like /docs/404 as normal pages.

Testing

Added focused unit tests for the new localized error route helpers and app routing behavior, then reviewed the generated test cases to make sure they match the existing test style and cover the important cases.

The tests cover:

• selecting localized /404 and /500 routes when available
• falling back to the global error route when no localized route exists
• returning 404 for /pt/404
• keeping normal localized pages like /pt/about as 200
• keeping normal routes like /docs/404 as normal pages
• fetching prerendered localized 404 pages from the correct output path

Docs

This may need docs because this PR fixes support for localized custom error pages

Description

EDIT: I removed the "fixes (issue number)", as that is a redirect issue and will be addressed separately (#3957).

I was doing a manual setup with an existing project to add Starlight. I first noticed the broken link for integrations, which this PR addresses. I also found I needed to setup Astro first, but there wasn't a link to it in the document.

This PR:

• fixes the broken link for the integrations page on the manual setup page
• adds a link to the manual setup for Astro in the neighboring content
• makes these changes across all translations with a manual-setup.mdx page

I made these changes by hand, but relied on AI to identify the correct text to update for adding the manual setup for Astro link. I checked with translation tools and they look correct, but I cannot say I have 100% confidence the added link encapsulates the correct text perfectly across all languages. I have tested this locally.

This is my first contribution to Astro - let me know if you have any suggestions. I can always remove the added link for Manual Setup of Astro if desired. I realize a discussion may have been warranted for that type of improvement.

Changes

• Updates .changeset/config.json baseBranch from origin/next to origin/main. After the v7 release merged next into main, main is the active development branch. The stale origin/next ref causes pnpm changeset status to fail in CI workflows like preview releases.

Testing

• No test changes. This is a config-only fix.

Docs

• No docs needed.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

main is currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, run changeset pre exit on main.

⚠️⚠️⚠️⚠️⚠️⚠️

Releases

astro@7.0.0-beta.4

Major Changes

• #16966 6650ec2 Thanks @Princesseuh! - Makes Sätteri the default Markdown processor

  Astro now renders .md files with satteri() from @astrojs/markdown-satteri, its native Markdown pipeline, instead of the remark/rehype pipeline. @astrojs/markdown-remark is no longer installed by default.

  To keep using the remark/rehype pipeline, install @astrojs/markdown-remark and set it as your processor:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { unified } from '@astrojs/markdown-remark';
  
  export default defineConfig({
    markdown: {
      processor: unified(),
    },
  });

  The deprecated markdown.remarkPlugins, markdown.rehypePlugins, and markdown.remarkRehype options still work, but now require @astrojs/markdown-remark to be used.

Patch Changes

• #17078 04547ec Thanks @astrobot-houston! - Fixes a spurious Astro.request.headers warning on prerendered pages when security.allowedDomains is configured. The internal allowedDomains header validation now skips prerendered routes, since they use synthetic requests with no real headers.

@astrojs/node@11.0.0-beta.2

Patch Changes

• #17054 d426b67 Thanks @astrobot-houston! - Fixes an issue where Astro files with non-ASCII characters in their name weren't correctly served after the build.

Changes

This PR updates our workflows to release form 6-legacy branch

Closes AST-180

Testing

Green CI

Docs

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@astrojs/starlight-markdoc@0.7.0

Minor Changes

• #3951 1202dd4 Thanks @HiDeoo! - ⚠️ BREAKING CHANGE: The minimum supported version of Starlight is now 0.41.0

  Please use the @astrojs/upgrade command to upgrade your project:

  npx @astrojs/upgrade

@astrojs/starlight@0.41.0

Minor Changes

• #3951 1202dd4 Thanks @HiDeoo! - Adds support for Astro v7, drops support for Astro v6.

  Upgrade Astro and dependencies

  ⚠️ BREAKING CHANGE: Astro v6 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

  npx @astrojs/upgrade

  Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v7. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

  ⚠️ BREAKING CHANGE: This release drops official support for Chromium-based browsers prior to version 111 (released 07 March 2023) and Safari-based browsers prior to version 16.4 (released 27 March 2023). You can find a list of currently supported browsers and their versions using this browserslist query.

Patch Changes

• #3953 a935d33 Thanks @HiDeoo! - Fixes Starlight Markdown processing being potentially applied to files that should not be processed.

Changes

• Fixes spurious Astro.request.headers warning when using security.allowedDomains with prerendered pages. The warning was incorrectly triggered by Astro's internal forwarded header resolution, not by user code.
• Skips the #applyForwardedHeaders() call for prerendered routes since forwarded headers are meaningless for synthetic requests with no real headers.

Testing

• Added packages/astro/test/units/app/prerender-allowed-domains.test.ts with tests verifying no header access warnings for prerendered routes and that header access still works for non-prerendered routes.

Docs

• No docs update needed, this fixes a bug without changing user-facing behavior.

Closes #17077

Description

This PR adds Persian as a new language for the Starlight documentation and includes the initial translated pages.

Changes

• Added fa to the locales configuration in docs/astro.config.mjs, docs/lunaria.config.json

• Added the Persian language subtag to .github/labeler.yml

• Added the Persian translation for:

  • docs/src/content/docs/fa/index.mdx
  • docs/src/content/docs/fa/404.mdx

Notes

This is the initial step for Persian localization. Additional documentation pages will be translated and submitted in future pull requests.

Changes

Adds logic for astro add cli command to create .gitignore entries for cloudflare and netlify.

See also roadmap discussion

Testing

Tested locally using pnpm pack on an empty astro repo. Also created new test file for the cli add command.

Docs

The logger provides enough of a guide, so additional docs don't seem necessary.

https://github.com/gajus/zod-compiler compiles Zod schemas at build time to 2-75x time faster express

Changes

Fixes component URL resolution when hydrated component entry chunks are merged by Rollup manualChunks.

When a user configures manualChunks() to merge framework component modules, Rollup can emit a small proxy chunk for the component entry that re-exports from the final manual chunk. Astro previously mapped the hydrated component entry to that proxy chunk, causing astro-island component-url to reference the intermediary chunk instead of the final merged chunk.

This change resolves those proxy entry chunks to the directly imported output chunk that contains the original component module, while preserving the existing chunk when it already contains the entry module.

Testing

Added regression coverage for a Vue hydrated component fixture with manualChunks(id) { if (id.includes('.vue')) return 'components'; }.

The test verifies that:

• astro-island component-url points at the emitted components.*.js manual chunk
• the manual chunk is emitted
• generated HTML does not reference the intermediary Foo.*.js proxy chunk

Validation

• rtk pnpm -C packages/astro build
• rtk pnpm -C packages/integrations/vue exec astro-scripts test "test/app-entrypoint.test.ts" --match "manual chunk"
• rtk pnpm -C packages/integrations/vue exec astro-scripts test "test/app-entrypoint.test.ts"
• rtk git diff --check

Fixes #17016

Changes

• Refactored selector to target only elements with an explicit role attribute: selector:[role]:is(${[...a11y_implicit_semantics.keys()].join(',')},input)
• Fixed logic (if (role === implicitRole) return false;) that was causing validation failures to be silently ignored.
• Bypass redundant role warnings for implicit ARIA role exceptions.

if(
  (localName === 'ul' && role === 'list') || 
  (localName === 'ol' && role === 'list') || 
  (localName === 'li' && role === 'listitem')) 
{ 
  return false; 
}

Testing

• Add e2e tests for a11y-no-redundant-roles
  • Added Playwright tests to verify the fixed dev toolbar audit rule under both violating and valid scenarios.
• Verify 8 redundant role violation cases
  • Ensured that warnings properly trigger when explicit roles duplicate their implicit ARIA.
• Verify 7 valid exception and override cases
  • Confirmed that no false are triggered for legitimate browser-bug workarounds and intentional role overrides.

Before implementation

After implementation

Docs

Close #17062
Close #15995

Changes

• Removes the unconditional redirectRoute inclusion from getRoutesForEnvironment in packages/astro/src/vite-plugin-pages/pages.ts. In hybrid mode (output: 'static' + adapter), this was pulling prerendered pages into the SSR bundle when they were targets of config-level redirects, inflating the bundle by orders of magnitude (reporter saw 68MB vs ~1.4MB).
• This is a simpler alternative to #17061. That PR added a route.redirectRoute.prerender === isPrerender guard, which is correct but redundant — redirect targets already appear in the routes list with their own prerender flag and are included by the existing route.prerender === isPrerender check during their own iteration. Removing the block entirely is the right fix because:
  • SSR redirect responses are generated from route metadata alone (renderRedirect uses segments/pathname for the Location header). No component is loaded — AstroHandler.render() short-circuits before getModuleForRoute is ever called.
  • The only codepath that needs the target's component is prerendering (for getStaticPaths on dynamic targets), but prerendered redirects and their targets share the same prerender flag, so both are already in the prerender environment's route set.

Closes #17060
Supersedes #17061

Testing

• Added packages/astro/test/units/redirects/environment-filtering.test.ts with 4 test cases covering all combinations of redirect/target prerender flags: SSR redirect to prerendered target (must exclude target from SSR set), prerendered redirect to prerendered target (both included), SSR redirect to SSR target (both included), prerendered redirect to SSR target (must exclude target from prerender set).

Docs

• No docs update needed — this is an internal build optimization fix with no user-facing API change.

Changes

Bump volar-service-* deps 0.0.70 → 0.0.71 to resolve yaml CVE-2026-33532

volar-service-yaml@0.0.70 pulls yaml-language-server@~1.20.0 → yaml@2.7.1,
which is vulnerable to CVE-2026-33532 (GHSA-48c2-rrv3-qjmp, stack-overflow DoS,
fixed in yaml 2.8.3). volar-service-yaml@0.0.71 moves to
yaml-language-server@~1.23.0 → yaml@2.8.3.

Bumping the full volar-service-* set in lockstep to keep them aligned against
@volar/* ~2.4.28. This propagates the fix down to @astrojs/check via its
@astrojs/language-server ^2.16.7 range, no change needed there.

Testing

No tests added; patch version bump of volar dependencies.

Docs

This should have zero user-facing effects beyond removing CVE-2026-33532 from
their security scanners.

Description

While implementing support for markdown.processedDirs in a Starlight plugin, I realized on our implementation was a bit fragile. I would guess nobody ever ran into this issue in practice as this behavior existed since we initially introduced heading links.

For example, a configured path like ./src/content/custom/ could process ./src/content/custom-test/index.md.

Follow-up to #17049, fixing the E2E failures discussed in #17049 (comment). Root-cause analysis in #17049 (comment) — this PR targets the flue/fix-17047 branch so it can be merged into #17049 directly.

Changes

• src/prerenderer.ts: drop the status-based failure check. It treated any non-2xx prerender response as a build failure, but pages may intentionally return non-2xx while prerendering — the E2E Cloudflare fixture's missing.astro returns new Response(null, { status: 404 }) in production builds, which is what broke the E2E jobs. The x-astro-prerender-error header is now the only failure signal.
• src/utils/prerender.ts: add installPrerenderErrorPropagation(). The header path was previously dead code: app.render() never rejects on render errors because AstroHandler catches the throw and the production DefaultErrorHandler renders a 500 error page, so the buffering catch in handlePrerenderRequest never fired (the new test was passing only via the status check). This override replicates core's BuildErrorHandler semantics on the worker app: render errors (status 500 with an error and no response) are rethrown, while intentional error responses and 404s flow through the default handler unchanged.
• src/utils/handler.ts: install the override when isPrerender is true.

Error flow for a genuine render crash: throw → AstroHandler catch → patched renderError rethrows → app.render rejects → handlePrerenderRequest catch → 500 + x-astro-prerender-error header → Node-side render() throws → build fails.

Testing

• test/prerenderer-errors.test.ts passes (both tests) — a page throwing during prerendering still fails the build.
• packages/astro/e2e/fixtures/cloudflare builds successfully again with the intentional 404 in missing.astro — the exact case that failed the E2E jobs.
• Full adapter test suite results match a baseline run of the unmodified #17049 code.

🤖 Generated with Claude Code

What's the problem?

Closes #17001.

With trailingSlash: "always" set, dynamic file endpoints like src/pages/api/[name].json.ts require a trailing slash in dev:

Static file endpoints (/feed.xml) worked correctly. Only dynamic ones were broken.

Root cause

trailingSlashForPath in create-manifest.ts was:

type === 'endpoint' && pathname && hasFileExtension(pathname) ? 'never' : config.trailingSlash

For any route with a dynamic segment, pathname is null (it's only set for fully-static paths). The null short-circuits the && chain before hasFileExtension ever runs, so the function falls back to config.trailingSlash regardless of whether the route has a file extension.

The build path works differently — it resolves concrete paths from getStaticPaths params — which is why the mismatch only surfaces in dev.

Fix

Pass the segment-joined route string as a fallback when pathname is null. joinSegments always preserves file extensions even for dynamic segments:

// /api/[name].json.ts -> /api/[name].json
joinSegments(segments) // '/api/[name].json'

const trailingSlashForPath = (
	pathname: string | null,
	config: AstroConfig,
	type: 'page' | 'endpoint',
	route?: string,
): AstroConfig['trailingSlash'] =>
	type === 'endpoint' && hasFileExtension(pathname ?? route ?? '') ? 'never' : config.trailingSlash;

At all three call sites (createFileBasedRoutes, createRoutesFromEntriesByDir, createInjectedRoutes), route is now computed before the trailing slash call and passed through.

Testing

Added 'dynamic file endpoints force trailingSlash never regardless of config. issues#17001' to packages/astro/test/units/routing/manifest.test.ts. It covers:

• dynamic file endpoint matches without trailing slash
• dynamic file endpoint does not match with trailing slash
• existing static file endpoint behavior is unchanged

Changes

• Fixes prerendered routes with non-ASCII characters (Thai, Korean, Cyrillic, etc.) incorrectly returning 301 redirects to trailing slash URLs despite trailingSlash: "never" setting
• Adds guarded decodeURI() call before filesystem lookup in serve-static.ts so percent-encoded URLs match actual directory names on disk
• Resolves SEO issues where canonical redirect loops cause search engines to drop non-ASCII pages

Testing

• Added Thai test fixture สวัสดี.astro with prerendering enabled
• Added test verifying non-ASCII prerendered route serves 200 without trailing slash
• Added test verifying non-ASCII prerendered route with trailing slash redirects to no-slash URL

Docs

• No docs update needed — this fixes existing documented trailingSlash: "never" behavior

Closes #16989

Changes

• Fixes image compilation regression for Cloudflare adapter users with static output. The image optimizer was looking in wrong directory (dist/_astro/ instead of dist/client/_astro/), causing ENOENT build failures.
• Replaces hardcoded outDir usage with getClientOutputDirectory(settings) helper in prepareAssetsGenerationEnv() to respect preserveBuildClientDir setting.

Testing

• Confirmed by issue reporter (@kitschpatrol) that the fix resolves the build failure
• Existing core image test suite (207 tests) and preserve-build-client-dir tests (7 tests) continue to pass

Docs

• No docs update needed, this fixes broken functionality to work as originally documented

Closes #16919

Closes #17047

Changes

• Pages that throw during prerendering now correctly fail the build with a non-zero exit code instead of silently emitting truncated HTML
• The Cloudflare adapter now buffers the full response body inside workerd before returning it over HTTP, so streaming errors are caught and surfaced as 500 responses
• Prerender error messages are included in a custom x-astro-prerender-error header and checked by the Node-side build process

When a component throws mid-render (e.g. an unregistered <Font> CSS variable), the previous implementation would commit HTTP status 200 before the stream completed. The stream would then abort, but the Node-side build process received the truncated body as a successful 200 response and wrote it to disk, causing astro build to exit 0 with broken output.

Testing

• Added packages/integrations/cloudflare/test/prerenderer-errors.test.ts with test case 'fails the build when a page throws during prerendering'
• Added prerenderer-render-error test fixture with a page that throws during rendering to verify the fix

Docs

• No docs update needed — this fixes existing documented behavior (builds should fail when pages throw during prerendering)

Changes

Follow up of withastro/compiler-rs#45

Updates astro to use the latest version of the compiler

Testing

Green CI

Docs

Description

This PR adds support for Astro 7.

Known issues

• 🟢 Many warnings (1 in dev, 6 in build) due to the use of resolve.alias[].customResolver now deprecated and probably related to the Astro astro:tsconfig-alias vite plugin still using it.

  [WARN] [vite] `resolve.alias` contains an alias with `customResolver` option. This is deprecated and will be removed in Vite 9. Please use a custom plugin with a resolveId hook and `enforce: 'pre'` instead.

  • Fixed by withastro/astro#17090

• 🟢 Warning at build time due to some plugins taking significant time during the build process which is due to the pluginTimings built-in Rolldown check enabled by default. Feels weird in a release about speed to get warnings about some things being slow. Maybe we should disable this check by default?

  [WARN] [vite] [PLUGIN_TIMINGS] Your build spent significant time in plugins. Here is a breakdown:
  - @mdx-js/rolldown (41%)
  - astro:head-metadata-build (36%)
  - vite-plugin-astro-expressive-code (4%)
  - astro:server-islands (3%)
  - vite:css-post (2%)

  • Fixed by withastro/astro#17090

• 🟢 Type-checking issue in packages/starlight/integrations/remark-asides.ts

  • Fixed by bruits/satteri#97

• 🟢 Some duplicated heading IDs in the Sätteri databag

  • Fixed by withastro/astro#17165

Remaining tasks

• Investigate size-limit CSS size change (probably Vite 8/Rolldown related but need to see what and confirm the hypothesis)
  • Experimenting with lazy barrel pptimization
• Bump Astro dependencies to latest stable versions once released.
• Bump some peer dependencies versions once ready to release.
• Search and address any TODO(HiDeoo) comments.
• Add changesets.
  • Make sure changesets use the correct new Starlight version number (e.g. 0.41.0).
  • Make sure to have updated links to v7 migration guide.
• Update the banner link in docs/src/content/docs/index.mdx to point to the correct version tag.
• Re-enable link validation
  • Will probably happen post-release once the plugin is updated
• Merge with the following Lunaria directive:

  @lunaria-ignore:docs/src/content/docs/pt-pt/index.mdx;docs/src/content/docs/uk/index.mdx;docs/src/content/docs/zh-cn/index.mdx
  

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to next, this PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

next is currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, run changeset pre exit on next.

⚠️⚠️⚠️⚠️⚠️⚠️

Releases

@astrojs/alpinejs@1.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/cloudflare@14.0.0-beta.2

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/markdoc@2.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/mdx@7.0.0-beta.2

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/netlify@8.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/node@11.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/preact@6.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/react@6.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/solid-js@7.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/svelte@9.0.0-beta.3

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/vercel@11.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/vue@7.0.0-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

@astrojs/markdown-satteri@0.3.1-beta.1

Patch Changes

• #17027 241250b Thanks @ocavue! - Triggers beta prereleases for packages that are still on alpha

Changes

• Fixes CSS incorrectly loading on pages that don't import it when using client:only islands in production builds
• Adds missing isCSSRequest filter to the client:only CSS association loop in plugin-css.ts, matching the existing filter in the non-client:only code path
• Prevents CSS from unrelated modules being associated with pages when Rollup bundles pure utility modules into the same chunk as CSS-importing modules
• Reporter confirmed dramatic CSS reductions: frontpage went from 14 stylesheets/718.2 KB to 1 stylesheet/481.2 KB

Testing

• Adds reproduction test client-only-css-chunk-leak.test.ts that verifies CSS is only loaded on pages that actually import it

Docs

• No docs update needed — this fixes incorrect behavior to match documented CSS scoping for islands

Closes #17043

Changes

Under experimental.advancedRouting, the composable astro/hono pages() handler delegated straight to PagesHandler.handle(), with none of the app-level error handling that AstroHandler provides on the standard path. A page throwing during render therefore propagated to the host framework, which answered with its own default error response (Hono: plain-text Internal Server Error) instead of rendering the custom 500.astro page (#16952).

• Added PagesHandler.handleWithErrorFallback(app, state) (core/pages/handler.ts): wraps route dispatch in a try/catch that logs the error and renders it via app.renderError(..., { status: 500, error }), the same behaviour AstroHandler.render() has on the standard path. Forwarding error keeps the documented error prop on 500.astro working. The logic lives in the handler module because core/fetch/index.ts deliberately keeps its exports as thin, logic-free wrappers.
• When no route matched, handleWithErrorFallback() returns a 404 response marked with X-Astro-Error (the same pattern handle() uses for the un-dispatched redirect case), so the app's existing post-check renders the 404 error page a level up. This case is reachable because #16911 intentionally leaves routeData unset when the custom 404 route is prerendered (or absent), where PagesHandler.handle() would otherwise throw a TypeError and the catch would turn those unmatched requests into 500s. The 500 path keeps calling renderError() directly: the marker cannot carry the error object, so 500.astro would lose its error prop and the stack would not be logged.
• Switched pages() in core/fetch/index.ts to delegate to the new method (delegation only, no logic added).
• Added a changeset (astro patch).

Testing

• Added 'renders the custom 500 page when a page throws during render' - verifies the full pages() pipeline returns HTTP 500 with the custom 500 page content when a page throws during render
• Added 'returns a marked 404 for the app post-check when the custom 404 route is prerendered' - verifies unmatched requests return HTTP 404 carrying the X-Astro-Error marker instead of throwing
• Verified end-to-end against the reproduction from #16952 (Hono + app.use(pages()), node standalone): GET /boom -> 500 with the custom 500 page (previously Hono's plain-text Internal Server Error), GET /does-not-exist -> 404 serving the prerendered 404 page with the marker stripped from the final response, GET / -> 200; the thrown error is logged with its stack trace

Out of scope (noticed while testing)

Errors thrown by Astro middleware itself (src/middleware.ts) on the composable path (app.use(middleware())) still reach the host framework's default error handler instead of 500.astro. On the standard path, AstroHandler.render()'s try/catch wraps the whole middleware chain, so middleware errors get the same 500.astro treatment. The equivalent catch can't simply live inside the composable middleware(): its next is the host's next(), so it would also intercept errors thrown by host middleware running below it in the chain and hide them from the user's own app.onError. The all-in-one astro() handler already provides full parity. A possible follow-up would be an error-page helper exported from astro/hono (e.g. app.onError(onError())) so composable users can opt in - happy to open a separate issue for this.

Docs

• No docs update needed, this fixes broken functionality in an experimental feature so it matches the documented custom-error-page behavior (the 404 counterpart was #16911)

Closes #16952

Closes #17039

Changes

• Middleware file watcher now triggers HMR for files inside the src/middleware/ directory, not just src/middleware.{ts,js} files directly
• Updates the Vite plugin path matcher to include both middleware. (existing) and middleware/ (new) prefixes, matching the fix pattern used for actions in #16932

Testing

• Added packages/astro/test/units/middleware/middleware-hmr.test.ts with 8 test cases covering path matching for both file and directory patterns

Docs

• No docs update needed — this fixes existing documented behavior that was broken for directory-based middleware organization

What this fixes

joinPaths() in @astrojs/internal-helpers filters out non-string arguments (so callers can pass undefined for optional segments), but the branch that detects the last segment compared the map index against the original, unfiltered argument count:

export function joinPaths(...paths: (string | undefined)[]) {
	return paths
		.filter(isString)
		.map((path, i) => {
			if (i === 0) {
				return removeTrailingForwardSlash(path);
			} else if (i === paths.length - 1) { // ← unfiltered length
				return removeLeadingForwardSlash(path);
			} else {
				return trimSlashes(path);
			}
		})
		.join('/');
}

When a skipped (undefined) argument precedes the final one, the filtered array is shorter than paths.length, so the real last segment no longer matches i === paths.length - 1. It falls into the else branch and gets trimSlashes(), which strips its trailing slash — even though joinPaths is supposed to preserve the trailing slash of the last segment (that is exactly what removeLeadingForwardSlash does, as opposed to trimSlashes).

Reproduction

joinPaths('/base', undefined, 'docs/setup/'); // → '/base/docs/setup'  (expected '/base/docs/setup/')
joinPaths('/foo', 'bar/', undefined);         // → '/foo/bar'          (expected '/foo/bar/')
joinPaths(undefined, 'pl', 'docs/setup/');    // → 'pl/docs/setup'     (expected 'pl/docs/setup/')

The invariant being violated: a skipped argument should yield the same result as omitting it. joinPaths(a, undefined, b) must equal joinPaths(a, b).

The fix

Compute the filtered array once and base the last-segment check on its length:

export function joinPaths(...paths: (string | undefined)[]) {
	const segments = paths.filter(isString);
	return segments
		.map((path, i) => {
			if (i === 0) {
				return removeTrailingForwardSlash(path);
			} else if (i === segments.length - 1) {
				return removeLeadingForwardSlash(path);
			} else {
				return trimSlashes(path);
			}
		})
		.join('/');
}